MES University: What Every CIO Should Know About Cybersecurity #MES19 | @TheMidmarketCIO Brought to you by: Erick Simpson Founder & Chief Strategist ErickSimpson.com

Post on 26-Jun-2020


Agenda

• 4 Key Cybersecurity Trends

• 7 Cybersecurity Myths

• 3 Top Questions CIOs Should Be Asking Cybersecurity Providers, Leaders and Themselves

• Striking the Right Balance Between Business and Security Needs

• Championing Security and Building it Into Everything IT Does

MSP Mastered®


4 Key Cybersecurity Trends


Key Cybersecurity Trend #1

• Business Email Compromise (BEC, Man In The Middle)

• Attacks in the form of Email Phishing attempts resulting in fraudulent wire transfer payments

• Bogus Invoice tactics where attackers impersonate suppliers requesting fund transfers

• CEO Fraud where attackers rely heavily on social engineering tactics to trick employees and executives, often by impersonating a C-Suite Executive authorized to request wire transfers and directing same to a fraudulent account

• Account Compromise where an email account is hacked and used to request invoice payments to vendors in the account’s contact list, with funds sent to fraudulent accounts


Key Cybersecurity Trend #2

• Mobile Device Security Management

• Mobile Devices are used more than computers

• With banking, email and shopping apps, mobile phones are a target for hackers

• BYOD has made it challenging to secure these devices in the office

• This has created a growing demand in the mobile threat defense market


Key Cybersecurity Trend #3

• BYOD Programs

• BYOD has extended beyond smartphones and tablets

• Compromised devices allow access directly into the business network

• Using wireless networks outside the office introduces the risk of information interception

• These devices are a malware risk factor


Key Cybersecurity Trend #4

• Cloud Storage Services Introduce Business Risk

• Cloud computing increases malware and ransomware risks

• Potential exists for employees to access the Cloud for personal email uses, potentially exposing sensitive data to external threats

• Users may use the same password for personal as well as business apps and Cloud platforms, increasing business risk in the event of an external personal platform or app data breach


Cybersecurity Myth #1

• If you’re using a password-protected Wi-Fi network, it’s secure


Cybersecurity Myth #2

• Cyberattacks only happen to big companies, nobody wants my data


Cybersecurity Myth #3

• We implemented security measures last year, we’re good


Cybersecurity Myth #4

• Cybersecurity is purely a defensive process


Cybersecurity Myth #5

• Cybersecurity attacks are external threats


Cybersecurity Myth #6

• Strong passwords and encrypted Wi-Fi are good enough to protect against hackers


Cybersecurity Myth #7

• External security assessments aren’t necessary – we’ve got this


3 Top Questions CIOs Should Be Asking Their Security Providers, Leaders and Themselves


Question 1

“What Is the Prioritized List of Business Risks That Our Leaders Have Explicitly Identified as the Focus of Our Cybersecurity Program?”


Question 2

“What Is the Framework of Risk Management Controls Upon Which We’re Building Our Cybersecurity Program to Address the Prioritized Business Risks?”


Question 3

“What Is the Plan for Addressing the Prioritized Risks That We’ve Identified as Most Crucial?”


Balancing the Needs of Business Productivity and Security

A good cybersecurity strategy should consider the people and processes it impacts as much as the protection it provides

Strong privileged access controls and password management solutions are essential for success

When managed properly through a Privileged Access Management (PAM) solution, privileged credentials can foster increased productivity while simultaneously addressing security concerns for administrators, admins and 3rd party vendors


Championing Data Security and Building it Into Everything IT Does

• Elect a Security Champion to be accountable

• Conduct Security Awareness Training for all staff

• Identify staff, vendors and others with privileged account access and ensure they complete advanced Security Awareness Training

• Implement a solid data security and backup policy with regular testing to ensure continuity in case of ransom or disaster

• Work with leadership to promote security and privacy policies

• Communicate IT security and privacy policy changes company wide
