Practical Cyber Security for Architects of Small Firms (1 AIA CEU) with Angela Render Thunderpaw.com 571-331-5941
Transforming Architecture LLC is a Registered Provider with The American Institute of Architects Continuing Education Systems. Credit earned on completion of this program will be reported to CES Records for AIA members. Certificates of Completion for non-aia members are available on request. This program is registered with the AIA/CES for continuing professional education. As such, it does not include content that may be deemed or construed to be an approval or endorsement by the AIA of any material of construction or any method or manner of handling, using, distributing, or dealing in any material or product. Questions related to specific materials, methods, and services will be addressed at the conclusion of this presentation.
Copyright Materials This presentation is protected by US and International Copyright laws. Reproduction, distribution, display and use of the presentation without written permission of the speaker is prohibited. Transforming Architecture LLC 2009-12
Learning Objectives 1. Define what cyber warfare is and how it applies to individuals and small businesses. 2. Identify a cyber threat. 3. Defend against a cyber threat. 4. Respond to a cyber attack.
What is Cyber Warfare?
What is a Hacker?
Who is the Enemy?
Why Me?
I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again. Robert Mueller FBI Director
How do they attack?
Insider
Website
Email Attachments PDF EXE MOV DOCX PPT
SPAM
Social Engineering
Did You Know. Social Networking sites are preferred by hackers for social engineering?
+ + + Name Email Street Address Picture Friend s Names Pets Hobbies Interests + = Profession Employer Phone Number Co-Workers Access to you through Groups
Spear Phishing From: Tim Morlock (tim.morlock@yahoo.com) To: bill.williams@megacorp.com Subject: Nice to Meet You Dear Bill Williams, Thank you for the connection on LinkedIn. Like I mentioned, I m a new-hire at MegaCorp under Jim Pike in sales. Since he s out of town the next week and I m anxious to get to work, I wanted to know if I could get my email and VPN login to the system set up. Sincerely, Tim Morlock Assistant Account Rep. MegaCorp
Friends
What can I do? + +
Passwords Change every 6-12 months Use long passwords that are somewhat complex Use a unique password for each account
Free Email
Email Can Be Fake paranoia pays off. It is definitely a lesson in be careful what you open... even if looks to be coming from your boss, don t open a file if you aren t expecting it. - Reid Wightman, Digital Bond
Encrypted WiFi
Keep Sensitive Data Secure
Dispose of Old Hardware Securely
Write Up a Plan
Object Lesson Who is asking for my information? Do I trust them? Why do they need to know? Will it be kept secure? Could it be used in social engineering?
How is your corporate email handled? A dedicated server in our office A hosting company using our domain name (ourdomain.com) A free email provider (gmail, yahoo, etc) Some other solution Don't know
What do I do?
How do I know? Flaky behavior. Suspicious contacts. (Phone, Email) To you. Mentioned by your partners. Mentioned by your clients.
http://www.surveymonkey.com/s/j2n75hr Thunderpaw.com 571-331-5941
What is TA? The only franchise opportunity for registered architects in the US. 7 franchisees in Texas, Ohio, Maryland, Florida, Virginia and DC Our Mission: To build a professional community that provides clients value through Expertise, Education and Innovation.
Karen Pitsley, AIA Karen@TransformingArchitecture.com TransformingArchitecture.com (301) 776-2666 Angela Render Lioness@Thunderpaw.com Thunderpaw.com (571) 331-5941 Thank You