Restech. User Security AVOIDING LOSS GAINING CONFIDENCE IN THE FACE OF TODAY S THREATS

Similar documents
Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

How Cyber-Criminals Steal and Profit from your Data

The Cyber War on Small Business

BEST PRACTICES FOR PERSONAL Security

Employee Security Awareness Training

Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches

CLICK TO EDIT MASTER TITLE STYLE Fraud Overview and Mitigation Strategies

Cybersecurity The Evolving Landscape

Cyber Security Updates and Trends Affecting the Real Estate Industry

How NOT To Get Hacked

Top Ten IT Security Risks CHRISTOPHER S. ELLINGWOOD SENIOR MANAGER, IT ASSURANCE SERVICES

Best Practices Guide to Electronic Banking

Security Awareness & Best Practices Best Practices for Maintaining Data Security in Your Business Environment

WHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN?

How to Build a Culture of Security

The Internet of Things. Steven M. Bellovin November 24,

Personal Cybersecurity

6 Vulnerabilities of the Retail Payment Ecosystem

Modern two-factor authentication: Easy. Affordable. Secure.

ANATOMY OF AN ATTACK!

Cybersecurity For The Small Business & Home User ( Geared toward Windows, but relevant to Apple )

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

PCI Compliance. What is it? Who uses it? Why is it important?

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

SHS Annual Information Privacy and Security Training

OPSEC and defense agains social engineering for devels, execs, and sart-ups

10 FOCUS AREAS FOR BREACH PREVENTION

Defense in Depth Security in the Enterprise

What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards

The BUSINESS of Fraud. Don t let it put you out of business. AFFILIATE LOGO

Security Practices & File Encryption

What every attorney should know about E-security Also, ESI

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Cybersecurity Vulnerabilities and Process Frameworks for Oil and Gas

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

Web Cash Fraud Prevention Best Practices

PCI DSS Addressing Cyber-Security Threats. ETCAA June Gabriel Leperlier

A practical guide to IT security

About The Presentation 11/3/2017. Hacker HiJinx-Human Ways to Steal Data. Who We Are? Ethical Hackers & Security Consultants

Securing today s identity and transaction systems:! What you need to know! about two-factor authentication!

mhealth SECURITY: STATS AND SOLUTIONS

CYBER SECURITY: ALTITUDE DOES NOT MAKE YOU SAFE

PRACTICING SAFE COMPUTING AT HOME

Understanding the Changing Cybersecurity Problem

Internet of Things Toolkit for Small and Medium Businesses

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.

NIST Cybersecurity Framework Protect / Maintenance and Protective Technology

Webomania Solutions Pvt. Ltd. 2017

Cyber security tips and self-assessment for business

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW

Attackers Process. Compromise the Root of the Domain Network: Active Directory

TABLE OF CONTENTS Introduction: IS A TOP THREAT VECTOR... 3 THE PROBLEM: ATTACKS ARE EVOLVING FASTER THAN DEFENSES...

Take Risks in Life, Not with Your Security

Office 365 Buyers Guide: Best Practices for Securing Office 365

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

Service Provider View of Cyber Security. July 2017

A General Review of Key Security Strategies

Sage Data Security Services Directory

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

SECURING YOUR HOME NETWORK

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

1) Are employees required to sign an Acceptable Use Policy (AUP)?

A MULTILAYERED SECURITY APPROACH TO KEEPING HEALTHCARE DATA SECURE

Cyber Security Basics. Presented by Darrel Karbginsky

Maria Hishikawa MSIX Technical Lead Sarah Storms MSIX Contractor Security

Integrated Access Management Solutions. Access Televentures

The Role of PNT in Cybersecurity Location-based Authentication

Using Biometric Authentication to Elevate Enterprise Security

Cyber Security Risk Management and Identity Theft

THE RISE OF GLOBAL THREAT INTELLIGENCE

2017 Annual Meeting of Members and Board of Directors Meeting

Introduction to Information Security Dr. Rick Jerz

Any conversation about virtualization for small- and medium-sized businesses (SMBs) usually starts around

Cyber Security Guide for NHSmail

CYBERSECURITY MADE SIMPLE

New Jersey Association of School Business Officials Information Security K-12. June 5, 2014

Cyber Security. Building and assuring defence in depth

Cybersecurity Today Avoid Becoming a News Headline

CYBERSECURITY RISK LOWERING CHECKLIST

Internet of Things (IoT) Attacks. The Internet of Things (IoT) is based off a larger concept; the Internet of Things came

Tips for Passing an Audit or Assessment

Train employees to avoid inadvertent cyber security breaches

CYBER SECURITY AND MITIGATING RISKS

Home Computer and Internet User Security

Assessing Your Incident Response Capabilities Do You Have What it Takes?

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

Building Resilience in a Digital Enterprise

9/11/ FALL CONFERENCE & TRAINING SEMINAR 2014 FALL CONFERENCE & TRAINING SEMINAR

The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company

Securing the SMB Cloud Generation

Securing Information Systems

DIGITAL TRUST Making digital work by making digital secure

PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

Transcription:

Restech User Security AVOIDING LOSS GAINING CONFIDENCE IN THE FACE OF TODAY S THREATS

Your presenter: Vince Gremillion, CISSP 30+ years technical and customer service experience Founder/Co-Owner RESTECH Information Services 2013 Louisiana Small Business Person of the Year Implemented ISO 27001 security protocol Implement and manage ALTA/TRID regulation 2

What to Expect? As an USER, OWNER, MANAGER or EXECUTIVE Understand the CRITICAL INFORMATION ASSETS and threats against them Learn the basics of an EFFECTIVE SECURITY PROGRAM Data security is everyone's responsibility not just IT You as the Data Handler The most critical part of any security plan Learn the habits of security It s not about hackers it s about you! Users leak and lose more data than hackers ever steal. Poor data handling habits area leading cause data sprawl, 3

4

Current news/threats RANSOMWARE PHISHING & SOCIAL ENG. INTERNAL THREATS LOST / STOLEN DEVICES 5

More likely threats? Weak security of others who handle your data Equifax, Yahoo et al Non-Profit groups, churches, sports, associations are soft targets Account takeover - Lack of validation for password resets (IRS, PayPal and many others) Using the same password across many accounts Banks take email to authorize wires Know how your vendors can pose a risk Entire supply chain is at risk - software libraries, firmware, Chinese mfg. USB thumb drives 6

7

Passwords and Account Security of confirmed data breaches leverage a weak, default, or stolen password. 63%Source: 2016 Data Breach Investigations Report from Verizon Change default passwords immediately on any connected device ( if you can*) www.insecam.org 8

Passwords and Account Security of confirmed data breaches leverage a weak, default, or stolen password. 63%Source: 2016 Data Breach Investigations Report from Verizon Change default passwords immediately on any connected device Use more than UPPER / lower case and numbers 52 +10 Numbers +30 UPPER & lower characters in the alphabet Special characters such as [ ] / < >,. % ^ % $ # @!? ~ 92 Possible characters BASE EXPONENT Possible characters Length of password 9

Passwords and Account Security of confirmed data breaches leverage a weak, default, or stolen password. 63%Source: 2016 Data Breach Investigations Report from Verizon Change default passwords immediately on any connected device Use more than UPPER / lower case and numbers Passwords should be replaced with long pass phrases greater than 10 characters i-l0v3-this_te@m! L0ze*>15#Bye2018 10

Passwords and Account Security of confirmed data breaches leverage a weak, default, or stolen password. 63%Source: 2016 Data Breach Investigations Report from Verizon Get and use a Password Vault or Single Sign On product Couple it with 2 Factor Authentication 11

Passwords and Account Security of confirmed data breaches leverage a weak, default, or stolen password. 63%Source: 2016 Data Breach Investigations Report from Verizon Change default passwords immediately on any connected device Use more than UPPER / lower case and numbers Passwords should be replaced with long pass phrases greater than 10 characters Consider a password manager for daily use protected by a super complex passphrase If one site is hacked and you share passwords, all sites need to be changed Activate 2FA (2 Factor Authentication) NEVER have passwords written on paper around your desk!!!! Can be store securely somewhere else. HAVE I BEEN PWNED? www.haveibeenpwned.com 12

Patches and Updates Zero day exploits attack flaws in most software Apply patches ASAP Don t expose systems directly to the internet Flash Adobe Windows Java Firmware in hardware - Cameras - TVs - IOT (internet of things) anything connected to Internet: home automation, entertainment, security, cars, toys, etc 13

Data Protection a reputation and liability issue The data on your systems is often more valuable than the system or business itself 14

Data Protection a reputation and liability issue What is the required TIME TO RECOVER your lost data? A GOOD DATA PROTECTION SYSTEM: Backed up locally and offsite + encrypted Contains many versions Recovers data or systems fast Attached disks and NAS are vulnerable 15

Permissions Users Roles Permissions YOUR PEOPLE THE FUNCTIONS OF YOUR USERS APPROVED AUTHORIZATIONS FOR EACH USER 16

How Do You Secure Your House? PROTECTION DETECTION RESPONSE 17

Physical Security Anticipate avenues of attack and prepare Locked doors Lighting Access control Badges Employee screening Personal Security Logs Cameras WIFI Open ports Documents on desk, in car 18

Awareness Everything depends on this Owners, Executives, and Managers have to lead by example Awareness training is a cultural shift Nearly all breaches can be traced to a human exploit The value of the data is far greater than the equipment it is on. The exposure to liability and loss of reputation are the greatest risks to handling data. 19

Awareness Everything depends on this Don t click links from unsolicited Email Type them into browser or use your Bookmarks Hover mouse over a link to confirm Verify the sender but not by replying to that email. Be careful of Outlook autofill addresses Disposing of data secure deletion, not in MY DOCUMENTS Develop and work within a policy/procedure framework 20

Awareness threats are following you More Vulnerabilities than Ever! Digital records everywhere Conveniences Everything Always ON always connected META Data SMART devices Social Media Smart Phone Online everything Cloud services Cameras 21

Awareness spot phishing email Unsolicited When in doubt DELETE! 22

Malware Protection Don t cheap out here Do not jeopardize the security of your business by relying on free virus protection Improper configuration and lack of updates will make any product useless Better products detect known and unknown threats it s worth the expense 23

Email & Web Security Protect the ENTRY and EXIT points Email and Internet main avenue of cyber attacks and misuse of data Active filtering firewall limit egress Email spam protection Accurate SPF records to reduce spoofing You need reporting to see what is being used by who Prevent accidental access 24

Business Continuity Planning for the unexpected Anticipate what can happen and what affect it can have Ultimate deliverable for your IT service provider Downtime costs much more than hourly service savings 25

Protecting Yourself Activate alerts on your accounts Activate Two Factor Login Use Positive Pay services Freeze your credit accounts Reconcile your own accounts Dual Signature where you can Do not use PC/email to authorize wire transfers Limit exposure of personal data on social media Avoid Public WIFI without a VPN service Change your passwords Delete old accounts 26

CALL TO ACTION Contact RESTECH to schedule: Phishing test Network assessment Cybersecurity consultation (504) 733-5633 www.restech.net EMAIL: info@restech.net

Questions? (504) 733-5633 www.restech.net EMAIL: info@restech.net

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback