Minimize litigation risk Discuss security best practices Review security tools and techniques Identify seven cybersecurity must-do s

Transcription

1

2 LEARNING OBJECTIVES Minimize litigation risk Discuss security best practices Review security tools and techniques Identify seven cybersecurity must-do s 2016 Azstec, LLC Slide 2

3 PANEL Imtiaz Munshi, CPA (Subbing is Sajid Patel, Co-Founder Azstec) David Griffith Mark Gibbs Azstec, LLC Slide 3

4 WHY PROTECT DATA? Good business practice Defends firm s reputation Risk mitigation Industry requirements Regulatory requirements Patriot Act exposure Protect intellectual property 2016 Azstec, LLC Slide 4

5 SMALL BUSINESS TECH PC-centric Windows and MS Office and data servers Networking infrastructure Remote access Public cloud Website and private client portal Data backups 2016 Azstec, LLC Slide 5

6 WHERE S THE DATA? At Rest Obvious: data server, backup storage, PCs Not so obvious: , smartphone, cloud, printer In Transit Uploads / downloads LAN and Wi-Fi transmission Online meetings 2016 Azstec, LLC Slide 6

7 DATA BREACHES Accidental: Human error Wrong address Poor passwords Lost/stolen device Deliberate: Internal and external Most likely internal Direct external breach risk for small business lower EXCEPT for malware Azstec, LLC Slide 7

8 BREACH CONSEQUENCES Recovery and notification costs Brand damage Litigation Penalties and fines Theft of IP 2016 Azstec, LLC Slide 8

9 POLLING QUESTION #1 Which of these negative impacts of cybersecurity breaches are you most concerned about? Litigation Ransom demand Loss of reputation Loss of intellectual property 2016 Azstec, LLC Slide 9

10 RISK MITIGATION Make security top of mind Tech policies and procedures Physical security of data Software solutions Hardware solutions D.I.Y. versus IT expert Cyber insurance 2016 Azstec, LLC Slide 10

11 POLICIES AND PROCEDURES Minimize impact of human error Get organizational buy-in Have an appropriate security policy Protect against all breaches Bolster defense in litigation; due care 2016 Azstec, LLC Slide 11

12 SMALL BUSINESS IT ENVIROMENT 2016 Azstec, LLC Slide 12

13 PHYSICAL SECURITY Physical premises access Desktops vs. other devices Kensington locks Terminate ex-employees access Visitor control Maintenance, security, and janitorial The Tao of Shredding 2016 Azstec, LLC Slide 13

14 NETWORK SECURITY Internet firewall Strong passwords and password managers Use Pro versions of Windows OS Anti-malware software Wi-Fi; no WPS and managed guest access Storage access control Disk and encryption software Control and restrict applications 2016 Azstec, LLC Slide 14

15 POLLING QUESTION #2 In your opinion, which of these is the LEAST secure? Smartphones Laptops Data Servers 2016 Azstec, LLC Slide 15

16 HARDWARE SECURITY Protect servers Secure desktops Encrypt all storage Phase out old hardware Infrastructure management Beware the IoT (e.g. Pwn Plug) 2016 Azstec, LLC Slide 16

17 MOBILE DEVICES Smartphones, tablets, laptops, USB drives Company owned or BYOD Data at-rest in mobile devices Need policies and enforcement Mobile device management systems 2016 Azstec, LLC Slide 17

18 REMOTE ACCESS Office desktops Hosted virtual desktops No DIY fixes No Starbucks No home Wi-Fi 2016 Azstec, LLC Slide 18

19 CLOUDS Public, private, hybrid Always encrypt individual files in cloud Patriot Act Section 125 Company policy 2016 Azstec, LLC Slide 19

20 Once leaves sender, security is uncertain Highly vulnerable to human error and hacking Study: 30% of business need encryption Encrypt message body as well as attachments Low adoption of encryption because of complexity 38% who do encrypt use manual encryption Must not interfere with workflow Must maintain file format of encrypted attachments 2016 Azstec, LLC Slide 20

21 BOTTOM LINE Security is complicated Simple is better Passwords really matter Security through systems Systems need policies People make policies work The right tools matter Trust but verify 2016 Azstec, LLC Slide 21

22 POLLING QUESTION #3 How often do you confidential data in Excel, Word? Never Sometimes Quite Often Very Frequently 2016 Azstec, LLC Slide 22

23 THE SEVEN MUST-DO S 1. Use robust logins and passwords 2. Encrypt disk drives and folders 3. Encrypt individual files 4. Encrypt sensitive 5. Protect against malware 6. Keep systems updated 7. Be wary of the Internet of Things (IoT) 2016 Azstec, LLC Slide 23

24 SCHNEIER ON SECURITY Complexity is the worst enemy of security Security is a process not a product People often represent the weakest link in the security chain 2016 Azstec, LLC Slide 24

25 POLLING QUESTION #4 What are your biggest cybersecurity concerns? Securing my data in the cloud Protecting my network from hackers Securing my Preventing employee mistakes from exposing confidential data 2016 Azstec, LLC Slide 25

26 docncrypt ENCRYPTION Designed for CPA/Financial environments Simple installation Integrates into MS Office Simple workflow for high adoption Easy to learn Retains Excel and Word formats Also encrypts message body 2016 Azstec, LLC Slide 26

27 docncrypt ENCRYPTION We specialize in document encryption MS Outlook integration (shipping) Gmail integration (coming soon) Office applications (coming soon) Full bundle for complete document and security 2016 Azstec, LLC Slide 27

28 2016 Azstec, LLC Slide 28

29 docncrypt workflow 2016 Azstec, LLC Slide 29

30 2016 Azstec, LLC Slide 30

31 2016 Azstec, LLC Slide 31

32 2016 Azstec, LLC Slide 32

33 2016 Azstec, LLC Slide 33

34 2016 Azstec, LLC Slide 34

35 2016 Azstec, LLC Slide 35

36 2016 Azstec, LLC Slide 36

37 2016 Azstec, LLC Slide 37

38 2016 Azstec, LLC Slide 38

39 2016 Azstec, LLC Slide 39

40 2016 Azstec, LLC Slide 40

41 2016 Azstec, LLC Slide 41

42 2016 Azstec, LLC Slide 42

43 2016 Azstec, LLC Slide 43

44 2016 Azstec, LLC Slide 44

45 2016 Azstec, LLC Slide 45

46 2016 Azstec, LLC Slide 46

47 2016 Azstec, LLC Slide 47

48 2016 Azstec, LLC Slide 48

49 2016 Azstec, LLC Slide 49

50 2016 Azstec, LLC Slide 50

51 2016 Azstec, LLC Slide 51

52 POLLING QUESTION #5 What action/steps will you take as a result of this webinar? Implement a written cybersecurity policy Start using encryption software Strengthen the logins and passwords we use in my company Consult with my IT person about my Cybersecurity setup 2016 Azstec, LLC Slide 52

53 FREE SOFTWARE AND CYBERSECURITY WORKBOOK Get your FREE 2 month license for docncrypt and your Cybersecurity Workbook at: security.azstec.com click on Or at checkout page use promo code: safe60 (offer expires end of June) 2016 Azstec, LLC Slide 53

54 QUESTIONS? Imtiaz Munshi, CPA David Griffith Mark Gibbs azstec.com 2016 Azstec, LLC Slide 54

55 THANK YOU! Visit us on the web to learn more azstec.com 2016 Azstec, LLC Slide 55