LEARNING OBJECTIVES
• Minimize litigation risk
• Discuss security best practices
• Review security tools and techniques
• Identify seven cybersecurity “must-do’s”
2016 © Azstec, LLC Slide 2
PANEL
Imtiaz Munshi, CPA
(Subbing is Sajid Patel, Co-Founder, Azstec) [email protected]
https://www.linkedin.com/in/imtiaz-munshi-57725a
David [email protected]
https://www.linkedin.com/in/david-griffith-9020b813
Mark [email protected]
https://www.linkedin.com/in/mgibbs
WHY PROTECT DATA?
• Good business practice
• Defends firm’s reputation
• Risk mitigation
• Industry requirements
• Regulatory requirements
• Patriot Act exposure
• Protect intellectual property
SMALL BUSINESS TECH
• PC-centric
• Windows and MS Office
• Email and data servers
• Networking infrastructure
• Remote access
• Public cloud
• Website and private client portal
• Data backups
WHERE’S THE DATA?
At Rest
• Obvious: data server, backup storage, PCs
• Not so obvious: email, smartphone, cloud, printer
In Transit
• Uploads / downloads
• LAN and Wi-Fi transmission
• Online meetings
DATA BREACHES
• Accidental: Human error
– Wrong email address
– Poor passwords
– Lost/stolen device
• Deliberate: Internal and external
– Most likely internal
– Direct external breach risk for small business is lower, EXCEPT for malware
BREACH CONSEQUENCES
• Recovery and notification costs
• Brand damage
• Litigation
• Penalties and fines
• Theft of IP
POLLING QUESTION #1
Which of these negative impacts of cybersecurity breaches are you most concerned about?
Litigation
Ransom demand
Loss of reputation
Loss of intellectual property
RISK MITIGATION
• Make security “top of mind”
• Tech policies and procedures
• Physical security of data
• Software solutions
• Hardware solutions
• D.I.Y. versus IT expert
• Cyber insurance
POLICIES AND PROCEDURES
• Minimize impact of human error
• Get organizational buy-in
• Have an appropriate security policy
• Protect against all breaches
• Bolster defense in litigation; “due care”
SMALL BUSINESS IT ENVIRONMENT
PHYSICAL SECURITY
• Physical premises access
• Desktops vs. other devices
• Kensington locks
• Terminate ex-employees’ access
• Visitor control
• Maintenance, security, and janitorial
• The Tao of Shredding
NETWORK SECURITY
• Internet firewall
• Strong passwords and password managers
• Use “Pro” versions of Windows OS
• Anti-malware software
• Wi-Fi; no WPS and managed guest access
• Storage access control
• Disk and email encryption software
• Control and restrict applications
POLLING QUESTION #2
In your opinion, which of these is the LEAST secure?
Smartphones
Laptops
Data Servers
HARDWARE SECURITY
• Protect servers
• Secure desktops
• Encrypt all storage
• Phase out old hardware
• Infrastructure management
• Beware the IoT (e.g. Pwn Plug)
MOBILE DEVICES
• Smartphones, tablets, laptops, USB drives
• Company owned or BYOD
• Data “at-rest” in mobile devices
• Need policies… and enforcement
• Mobile device management systems
REMOTE ACCESS
• Office desktops
• Hosted virtual desktops
• No DIY fixes
• No Starbucks
• No home Wi-Fi
CLOUDS
• Public, private, hybrid
• Always encrypt individual files in cloud
• Patriot Act Section 125
• Company policy
2016 © Azstec, LLC Slide 19
• Once email leaves sender, security is uncertain
• Highly vulnerable to human error and hacking
• Study: 30% of business email needs encryption
• Encrypt message body as well as attachments
• Low adoption of encryption because of complexity
• 38% of those who do encrypt use manual encryption
• Must not interfere with workflow
• Must maintain file format of encrypted attachments
BOTTOM LINE
• Security is complicated
• Simple is better
• Passwords really matter
• Security through systems
• Systems need policies
• People make policies work
• The right tools matter
• Trust but verify
POLLING QUESTION #3
How often do you email confidential data in Excel, Word?
Never
Sometimes
Quite Often
Very Frequently
THE SEVEN MUST-DO’S
1. Use robust logins and passwords
2. Encrypt disk drives and folders
3. Encrypt individual files
4. Encrypt sensitive email
5. Protect against malware
6. Keep systems updated
7. Be wary of the Internet of Things (IoT)
SCHNEIER ON SECURITY
“Complexity is the worst enemy of security”
“Security is a process not a product”
“People often represent the weakest link in the security chain”
POLLING QUESTION #4
What are your biggest cybersecurity concerns?
Securing my data in the cloud
Protecting my network from hackers
Securing my email
Preventing employee mistakes from exposing confidential data
docNCRYPT™ ENCRYPTION
• Designed for CPA/Financial environments
• Simple installation
• Integrates into MS Office
– Simple workflow for high adoption
– Easy to learn
• Retains Excel and Word formats
• Also encrypts email message body
docNCRYPT™ ENCRYPTION
• We specialize in document encryption
– MS Outlook integration (shipping)
– Gmail integration (coming soon)
– Office applications (coming soon)
• Full bundle for complete document and email security
docNCRYPT workflow
POLLING QUESTION #5
What action/steps will you take as a result of this webinar?
Implement a written cybersecurity policy
Start using email encryption software
Strengthen the logins and passwords we use in my company
Consult with my IT person about my Cybersecurity setup
FREE SOFTWARE AND CYBERSECURITY WORKBOOK
Get your FREE 2-month license for docNCRYPT and your Cybersecurity Workbook at: security.azstec.com
click on
Or at the checkout page use promo code: “safe60” (offer expires end of June)
QUESTIONS?
Imtiaz Munshi, [email protected]
David [email protected]
Mark [email protected]
azstec.com
THANK YOU!
Visit us on the web to learn more…
azstec.com