Brian S. Dennis Director Cyber Security Center for Small Business Kansas Small Business Development Center

Similar documents
Managing Cybersecurity Risk

Jeff Marron, IT Specialist Security National Institute of Standards and Technology (NIST)

Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

Cyber Risks in the Boardroom Conference

THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK

mhealth SECURITY: STATS AND SOLUTIONS

The Cyber War on Small Business

Cyber Insurance: What is your bank doing to manage risk? presented by

The Impact of Cybersecurity, Data Privacy and Social Media

Heavy Vehicle Cyber Security Bulletin

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Data Breach Preparedness & Response

Data Breach Preparedness & Response. April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH

CYBERSECURITY RISK LOWERING CHECKLIST

Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE

Cybersecurity in Higher Ed

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Jeff Wilbur VP Marketing Iconix

University of Pittsburgh Security Assessment Questionnaire (v1.7)

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

A practical guide to IT security

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles

Cybersecurity The Evolving Landscape

The Value Of NEONet Cybersecurity. Why You Need To Protect Your The Value Of NEOnet Cybersecurity. Private Student Data In Ohio

Incident Response Table Tops

Internet of Things Toolkit for Small and Medium Businesses

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

Education Network Security

The Honest Advantage

Training and Certifying Security Testers Beyond Penetration Testing

CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW

CYBER SECURITY TAILORED FOR BUSINESS SUCCESS

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak

What It Takes to be a CISO in 2017

PCI DSS COMPLIANCE DATA

Defending Our Digital Density.

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

It s Not If But When: How to Build Your Cyber Incident Response Plan

Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:

Sage Data Security Services Directory

What to do if your business is the victim of a data or security breach?

Cyber Risk for. Small and Medium-Sized Enterprises (SMEs)

Cyber Security. June 2015

Cybersecurity for Health Care Providers

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

Personal Cybersecurity

ACM Retreat - Today s Topics:

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

Entertaining & Effective Security Awareness Training

INCIDENT RESPONDER'S FIELD GUIDE INCIDENT RESPONDER'S INCIDENT RESPONSE PLAN FIELD GUIDE LESSONS FROM A FORTUNE 100 INCIDENT RESPONSE LEADER

External Supplier Control Obligations. Cyber Security

EC-Council Certified Incident Handler v2. Prepare to Handle and Respond to Security Incidents EC-COUNCIL CERTIFIED INCIDENT HANDLER 1

Designing and Building a Cybersecurity Program

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action

Why you should adopt the NIST Cybersecurity Framework

A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016

Keep the Door Open for Users and Closed to Hackers

Keys to a more secure data environment

ISACA GEEK WEEK SECURITY MANAGEMENT TO ENTERPRISE RISK MANAGEMENT USING THE ISO FRAMEWORK AUGUST 19, 2015

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services.

Cyber Attack: Is Your Business at Risk?

Securing the SMB Cloud Generation

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

You ve Been Hacked Now What? Incident Response Tabletop Exercise

Data Breach Preparation and Response. April 21, 2017

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Combating Cyber Risk in the Supply Chain

Hacking and Cyber Espionage

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

2017 Annual Meeting of Members and Board of Directors Meeting

DATA BREACH NUTS AND BOLTS

VANGUARD WHITE PAPER VANGUARD GOVERNMENT INDUSTRY WHITEPAPER

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

10/18/2016. Preparing Your Organization for a HHS OIG Information Security Audit. Models for Risk Assessment

with Advanced Protection

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

End-to-End Trust, Segmentation and Segregation in the IIoT

Information Security in Corporation

Cyber Risk in the Marine Transportation System

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

TEL2813/IS2820 Security Management

Cybersecurity: Incident Response Short

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

Cybersecurity, safety and resilience - Airline perspective

Automating the Top 20 CIS Critical Security Controls

Transcription:

Brian S. Dennis Director Cyber Security Center for Small Business Kansas Small Business Development Center

What to expect from today: The ugly truth about planning Why you need a plan that works Where to turn for planning assistance

Small Businesses are a Target According to Symantec, Nearly HALF of all cyberattacks are now levied against small businesses 60% of companies breached never recover. 2016 43% 40% 60% An attack can set a small business back anywhere from $54,000 to over $100,000 per incident (CNBC). PCWorld in August 2013 reported that of the small businesses who suffered a breach, roughly 60 percent go out of business within six months after the attack.

Small Business Challenges Staying ahead of the threat curve Lack of awareness of the threat Increased scrutiny and liability from buyers, business partners, etc. Business-wide education (not just technical also behavioral) Cost of implementation of adequate protection Recovery after becoming victim Lack of support network

There is NO perfect plan!

Raise awareness of cyber risk within Kansas small business community. Help businesses manage the threat and impact of cyber interference. Foster innovation in cyber security

Cyber Program Elements Industry-Specific Training ASBDC-KS Advisor Development Fostering Innovation Custom Small Business Resources Self Assessments Business Continuity Planning

Launching in Fall of 2017 to assist Kansas small business community to make a reasonable effort to protect their critical data and infrastructure Based off the NIST Framework Serves as the foundation for KSBDC trainings and counseling efforts Designed as a functional tool, not white paper or scare tactic

Other pieces of the Identify section: Who is responsible for cybersecurity in my organization? What devices need protecting? What operating systems are you using? Where do I store my data?

Other pieces of the Protect section: How do you use firewalls? Encryption checklist Accessing files remotely Username check Password check *Note, Identify and Protect sections are larger than last 3

Other pieces of the Detect section: Determining the Impact of an event More complex methods detection

Other pieces of the Respond section: Incorporating Lessons Learned Data Backup Digital Forensics Contact Containing an event

Other pieces of the Recover section: Customized with statespecific information Coming soon, a list of local cyber specialists, lawyers, insurance agents, state agencies, and educational opportunities. Who are your resources? Before a breach identify what resources you will need to help you in the event of a serious IT security event or one which involved client/sensitive information. In the event of a breach your first call should likely be to legal support, an attorney with knowledge of breach response and remediation. Again, you need not put an attorney on retainer, but knowing who you are going to call before you need them will save valuable time in the event of a breach. Identify your legal resources now! You may also wish to consider identifying your local police resources who may be of assistance.

Tips For Small Businesses

Protect against, viruses, spyware and other malicious code Equip computers with antivirus software and antispyware and update regularly. Configure them to update automatically. Top Ten Cybersecurity Tips for Your Small Business Employ best practices on payment cards Isolate payment systems from other less secure systems and do not use the same computer to process payments and surf the internet. Secure your networks Safeguard your Internet connection by using a firewall and by encrypting information. Hide and secure your Wi-Fi network and password protect access to your router. Establish security practices and policies Establish policies for how employees should handle and protect sensitive data, and clearly outline consequences for violating your business cyber policies. Make backup copies of important business data Regularly backup the data on all computers, and try to do it automatically, if possible, and store the copies either offsite or on the cloud. Control physical access to computers and networks Prevent access or use of business computers by unauthorized individuals. Educate employees about cyber threats Teach employees how to protect your business data, including safe use of social networking sites and email Require employees to use strong passwords Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Create a mobile device action plan Require users to password protect all devices, encrypt their data, and install security apps to prevent criminals from stealing information. Set reporting procedures for lost or stolen equipment. Protect all pages on your public-facing website Make security a priority for your entire digital foot-print.

Additional Resources Federal Trade Commission FTC Bulk Order Payment Card Industry Small Merchant Task Force, PCI Security Standards Council Handouts Small Merchant Guide to Safe Payments Small Merchant Questions to Ask Your Vendors SANS Institute Information Security Policy Templates National Cyber Security Alliance https://staysafeonline.org/ U.S. Small Business Administration & Synergy Solutions launched a free, new comprehensive series of web-based cybersecurity training containing up to 10 modules to educate 7(j) eligible small businesses about cybersecurity and steps they can take to protect their company s assets and intellectual property. While the classes are free, they are first come, first serve and will accommodate no more than 50 participants at a time. To register, visit: https://synergysolutions.talentlms.com/.

Brian S. Dennis Director Cybersecurity Center for Small Business 785-864-0286 Brian.dennis@ku.edu

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback