LEARNING OBJECTIVES Minimize litigation risk Discuss ...LEARNING OBJECTIVES •Minimize litigation...

LEARNING OBJECTIVES

• Minimize litigation risk

• Discuss security best practices

• Review security tools and techniques

• Identify seven cybersecurity “must-do’s”

2016 © Azstec, LLC Slide 2

PANEL

Imtiaz Munshi, CPA

(Subbing is Sajid Patel, Co-Founder Azstec)

https://www.linkedin.com/in/imtiaz-munshi-57725a

David

https://www.linkedin.com/in/david-griffith-9020b813

Mark

https://www.linkedin.com/in/mgibbs

WHY PROTECT DATA?

• Good business practice

• Defends firm’s reputation

• Risk mitigation

• Industry requirements

• Regulatory requirements

• Patriot Act exposure

• Protect intellectual property

SMALL BUSINESS TECH

• PC-centric

• Windows and MS Office

• Email and data servers

• Networking infrastructure

• Remote access

• Public cloud

• Website and private client portal

• Data backups

WHERE’S THE DATA?

At Rest

• Obvious: data server, backup storage, PCs

• Not so obvious: email, smartphone, cloud, printer

In Transit

• Email

• Uploads / downloads

• LAN and Wi-Fi transmission

• Online meetings

DATA BREACHES

• Accidental: Human error

– Wrong email address

– Poor passwords

– Lost/stolen device

• Deliberate: Internal and external

– Most likely internal

– Direct external breach risk for small business lower EXCEPT for malware.

BREACH CONSEQUENCES

• Recovery and notification costs

• Brand damage

• Litigation

• Penalties and fines

• Theft of IP

POLLING QUESTION #1

Which of these negative impacts of cybersecurity breaches are you most concerned about?

Litigation

Ransom demand

Loss of reputation

Loss of intellectual property

RISK MITIGATION

• Make security “top of mind”

• Tech policies and procedures

• Physical security of data

• Software solutions

• Hardware solutions

• D.I.Y. versus IT expert

• Cyber insurance

POLICIES AND PROCEDURES

• Minimize impact of human error

• Get organizational buy-in

• Have an appropriate security policy

• Protect against all breaches

• Bolster defense in litigation; “due care”

SMALL BUSINESS IT ENVIRONMENT

PHYSICAL SECURITY

• Physical premises access

• Desktops vs. other devices

• Kensington locks

• Terminate ex-employees’ access

• Visitor control

• Maintenance, security, and janitorial

• The Tao of Shredding

NETWORK SECURITY

• Internet firewall

• Strong passwords and password managers

• Use “Pro” versions of Windows OS

• Anti-malware software

• Wi-Fi; no WPS and managed guest access

• Storage access control

• Disk and email encryption software

• Control and restrict applications

POLLING QUESTION #2

In your opinion, which of these is the LEAST secure?

Email

Smartphones

Laptops

Data Servers

HARDWARE SECURITY

• Protect servers

• Secure desktops

• Encrypt all storage

• Phase out old hardware

• Infrastructure management

• Beware the IoT (e.g. Pwn Plug)

MOBILE DEVICES

• Smartphones, tablets, laptops, USB drives

• Company owned or BYOD

• Data “at-rest” in mobile devices

• Need policies… and enforcement

• Mobile device management systems

REMOTE ACCESS

• Office desktops

• Hosted virtual desktops

• No DIY fixes

• No Starbucks

• No home Wi-Fi

CLOUDS

• Public, private, hybrid

• Always encrypt individual files in cloud

• Patriot Act Section 125

• Company policy

EMAIL

• Once email leaves sender, security is uncertain

• Highly vulnerable to human error and hacking

• Study: 30% of business email needs encryption

• Encrypt message body as well as attachments

• Low adoption of encryption because of complexity

• 38% who do encrypt use manual encryption

• Must not interfere with workflow

• Must maintain file format of encrypted attachments

BOTTOM LINE

• Security is complicated

• Simple is better

• Passwords really matter

• Security through systems

• Systems need policies

• People make policies work

• The right tools matter

• Trust but verify

POLLING QUESTION #3

How often do you email confidential data in Excel, Word?

Never

Sometimes

Quite Often

Very Frequently

THE SEVEN MUST-DO’S

1. Use robust logins and passwords

2. Encrypt disk drives and folders

3. Encrypt individual files

4. Encrypt sensitive email

5. Protect against malware

6. Keep systems updated

7. Be wary of the Internet of Things (IoT)

SCHNEIER ON SECURITY

“Complexity is the worst enemy of security”

“Security is a process not a product”

“People often represent the weakest link in the security chain”

POLLING QUESTION #4

What are your biggest cybersecurity concerns?

Securing my data in the cloud

Protecting my network from hackers

Securing my email

Preventing employee mistakes from exposing confidential data

docNCRYPT™ ENCRYPTION

• Designed for CPA/Financial environments

• Simple installation

• Integrates into MS Office

– Simple workflow for high adoption

– Easy to learn

• Retains Excel and Word formats

• Also encrypts email message body

docNCRYPT™ ENCRYPTION

• We specialize in document encryption

– MS Outlook integration (shipping)

– Gmail integration (coming soon)

– Office applications (coming soon)

• Full bundle for complete document and email security

docNCRYPT workflow

POLLING QUESTION #5

What action/steps will you take as a result of this webinar?

Implement a written cybersecurity policy

Start using email encryption software

Strengthen the logins and passwords we use in my company

Consult with my IT person about my Cybersecurity setup

FREE SOFTWARE AND CYBERSECURITY WORKBOOK

Get your FREE 2 month license for docNCRYPT and your Cybersecurity Workbook at: security.azstec.com

click on

Or at checkout page use promo code: “safe60” (offer expires end of June)

THANK YOU!

Visit us on the web to learn more… azstec.com
