Meeting the Cybersecurity Challenge
TRANSCRIPT
Live Webinar:
Webinar Audio:
You can dial the telephone numbers located on your webinar panel.
Or listen in using your headphones or computer speakers.
Welcome!
Webinar Details
• Presentation is roughly 1 hour
• All phone lines are muted
• If anyone has any questions during this webinar – please type them in your Questions Box located at the bottom of your webinar panel
Today’s Presenters
Rocco Passafuime, Director of Infrastructure, Net@Work
Laura Kibbe, Managing Director of Professional Services, RVM Enterprises, Inc.
180+ Business Technology Architects and Consultants
Ecosystem
• IT Road Mapping & Strategic Planning
• Business Process Review
• BI, Analytics & Reporting
• Cloud & IT Managed Services
• ERP/Accounting
• Web Development & e-Commerce (Sister Company)
• Payment Processing: SWYPE (Sister Company)
• CRM & Marketing Automation
• HRMS/Employer Solutions
• Document Management
• Nonprofit Solutions
• Managed Print Services (Sister Company)
What is a Data Breach?
• Incident where information is stolen from a system without authorization
• Victims are typically large companies and data stolen tends to be sensitive, proprietary or confidential (Customer lists, credit card numbers, etc.)
• Financial and reputational damage as a result of a data breach is significant.
Inadvertent Invitations
Sometimes data breaches are not directed at the company itself:
• Lost or stolen devices
• Malware-infected personal devices that connect to the company’s network
• Employee sharing of information and files with friends (e.g., “let me borrow that PowerPoint?”)
Financial Cost - Ponemon Cost of Data Breach Study
Who? 383 Companies, 12 countries
Damage? Average cost is $4 million
Trend? 29% increase since 2013
How Can You Prevent a Data Breach?
• Training
• Encryption
• Intrusion Detection and Prevention
• Content Filtering
• Vulnerability Assessment
• Patch Management
• System Monitoring
• Backup
What is BYOD?
Bring Your Own Device refers to the policy of allowing employees to purchase and integrate their own devices into a corporate network.
While business benefits like efficiency and employee satisfaction are real, IT departments find it difficult to balance changing technology landscapes and face new security concerns.
Benefits of BYOD - Company
• Enhanced employee productivity - immediate access to work when away from the office
• Employees are much more likely to protect and care for their own devices. This equates to decreased expenditures due to damaged or stolen devices and data loss.
• Device ownership costs shifted to the employee rather than the employer.
• For Gens Y and Z, 50% expect the same technology to be available at work as at home.
Benefits of BYOD - Employee
• Efficient – carry 1 device instead of 2
• Consistency – because it’s one device, you can save settings, documents and pictures all in one place
• Choice – employee picks which type of device they want (iPhone, Galaxy etc.) so they are happier
Best Practices
• Clearly defined written policy with signed acknowledgement
• Training on policy
• Good mobile device management solution
• Smart passwords
• Monitoring and security reporting
• Deceptive Phishing
Email messages that claim to come from recognized sources and ask for your personal details, a verification code, or even a payment.
Scam objective: To trick the user into providing personal details to access his bank account.
• Spear Phishing
A sophisticated version in which the sender uses available information to direct the request at you.
Scam objective: To target you directly in order to acquire all your bank details or any other data.
• CEO Fraud
Phishers use an email address similar to that of an authority to request payments or data from others within the company or organization.
Scam objective: To transfer money directly from the victim to the cybercriminals.
• Pharming
A scam in which a hacker hijacks a website’s domain name and uses it to redirect visitors to some other site.
Scam objective: To intercept and steal online payments.
• Dropbox Phishing
A scam that looks real, claims to have come from Dropbox, and requests that the user click on a link to secure their account details or to share a downloaded file.
Scam objective: To install malware on the victim’s PC.
Preventing Phishing Leaks
• Strong internal firewall management
• Refuse to provide your personal details
• Report suspicious emails
• Use strong anti-virus software
Malware is malicious software that gets installed on your device and performs unwanted tasks.
It is mainly designed to transmit information about your web browsing habits to a third party.
Viruses
• Software that replicates itself and spreads by damaging and deleting files.
• A virus enters your device via attached images, greetings, audio/video files, downloads, etc.
Spyware
• Spyware is a program that gets installed without the user’s permission.
• It monitors the user’s activities on the internet and transmits that information to a third party.
Adware
• Software where advertising banners are displayed while any program is running.
• It automatically downloads to your device while browsing any website
• It is used by companies for marketing purposes
Worms
• Malicious programs that make copies of themselves on the local device, network shares, etc.
• They slow down your device.
Trojan Horse
• A Trojan Horse is a program containing malicious or harmful code.
• Once it enters a computer, it performs various tasks like corrupting files and sending out personal information.
Spam
• Method of flooding the internet with copies of the same message
• It is for the purpose of advertising, phishing, spreading malware etc.
Rootkits
• Software hidden deep inside your device which remains undetected.
• It transmits all your sensitive information
Are the systems in place enough?
• Most companies have robust IT security systems in place at a macro level – looking for hackers etc.
• The employee armed with a simple laptop and a thumb drive does the most damage.
The Dilemma
• There’s an inherent tension between giving employees access to the highly confidential trade secrets they need to do their job and locking down the information’s use to prevent theft.
What is an employer to do?
• Clearly document policies and controls: Acceptable Use etc.
• Conduct fraud and awareness training for all employees
• Conduct regular information security audits
• Implement strict password policies
• Enforce delegations of authority and access to information (only allow access to what is needed to perform the job)
• Institute stringent access controls, and backup and recovery processes
• Shut down unauthorized data exfiltration means: USB, Bluetooth, media cards, etc.
• Institute a formal insider threat response plan
What Is It?
• Type of malware that restricts access to the infected computer system and demands that a user pay ransom to get access to the files
• How does it restrict access:
  • Encrypts files
  • Locks system access
  • Crashes system
  • Disrupts and annoys – opening browser windows, displaying pornographic images
What’s Bitcoin
• Internet currency
• Like a casino chip, “coins” have no intrinsic value but they can be traded for real value when you leave
Why Bitcoin for Ransom?
• Bitcoin converts directly into local currency
• Low transaction fees
• Faster than checks, wire transfers, and even credit cards
• Because it is not government-backed, it is lightly regulated
Bitcoin solves the problem with a fast, untraceable payment system that makes ransoms much easier to pay and, for cyber criminals, much safer to collect without getting caught.
Thank You For Attending!
Connect with
800-719-3307
www.netatwork.com
netatwork.com/blog
For more information, contact your Net@Work Account Manager or contact us using the information below:
Rocco Passafuime | Net@Work, Director of Infrastructure Sales | (P) 646-517-6093 | (E) [email protected]