Why are Small and Mid-Size Companies Easy Targets for Hackers, and What can You do to Protect Yourself?
2/11/2015 Asher Dahan

Agenda

Security Hack
2FA
Security Concerns
Case Studies
Security Process
Security Preparation
Examples
Prevention
Recent Breaches
Costs of a Breach
Cyber Insurance

Security Hack
Security Demo

2FA – what is it and why you should use it everywhere you can

Security Concerns
Broad security concerns for businesses
  For remote users
  For home users
  For firms that hold client data (legal implications)
In an Information Age, Information is Power
How much is your info worth to hackers? A LOT!
Info is saved, stored, and flows freely
Mobility
BYOD
Some employees have a tendency to be careless – it takes only one!

Case Studies
Law firm and insurance company
Security issues
Risk?
TJX, Home Depot, Target, JP Morgan, Anthem
Vermont Country Store, other smaller companies
HIPAA

Security is a Process of Prevention
Security is an ongoing process and there is no such thing as being completely secure!!!
The criminals work at this all day, every day, and so must your security team.
You must have a team working together to enforce security, comprised of:
  Management
  Legal
  Communications
  IT/Security

What can small/mid-size businesses do specifically to reduce their risk of exposure to a security breach?

Manage IT from a security standpoint
Behavior modification – passwords, remote logins, training
Ongoing monitoring, Two-factor authentication, employment policies
Distrust & Caution are the Parents of Security (Ben Franklin)
Security protocols, Vigilance, etc.

Security Preparation
30% of small businesses get hacked each year; of them, 60% close within a year

Security Preparation (2)

Take a proactive approach
Have a written plan in place on how to protect before, during, and after an attempt to breach
Developed by your IT, Security and Legal teams
Put a C-level person on it
Risk management
Shift risk (& make yourself a good risk – see yourself through the lens of an insurer)

Cycle, Prevent, Detect, Respond, Recover

Elements of a Plan
Treat company information like the crown jewels
Understand what you have, why/how you store & secure it, why you keep it.
You cannot lose data you don’t have.
Risk cannot be managed after a breach occurs when panic and confusion have set in.
Calm communication of facts shows a company in control of itself, its systems, and the story.

Cyber Insurance

Cyber insurance
Policy for the business
Policy for client data
Coverage? Are all policies the same? Expense? Directors & Officers?
Class actions? Is there a standard of care for negligence?
All are good questions – get your insurance broker involved and ask the questions!!

Examples
How small business data get hacked
What has been seen out in the field and how was it handled.
Law Firm
Manufacturer
Entertainment Company
Start up

Recent Breaches
Why are large companies like Target and Home Depot breached?
What could have been done better?
What lessons can we take from those events that can be implemented for any business, of any size?
Board of Directors, Corporate Officers
How much and when to disclose/notify
Penalties vs. harm to the corporate image

Costs of a Breach
IT Costs

Investigation

Remediation

Business Interruption

Recovery & Prevention

Management & PR Costs

Notification (Regulatory Compliance) of Affected Parties

External Communications (PR)/Loss of Reputation/Share Price

Legal advice & counseling

Legal Team

Litigation Costs (Defense and Indemnity), Class Actions

The Forensic point of view – if data needs to be analyzed as to who did what, when, how

Top 10 Breaches (that were published as of October 2014)

Thank You!