Friday, October 23, 2015. Jacqueline Harris, CPM®, CCIM® Director of Training & Administration...

Cyber Attacks and Hacking: What You Need to Know About Data Privacy and Security Friday, October 23, 2015

Upload: dale-webb

Post on 18-Jan-2016


Page 1: Friday, October 23, 2015. Jacqueline Harris, CPM®, CCIM® Director of Training & Administration Digital Realty Jacqueline Harris, CPM®, CCIM® Director

Cyber Attacks and Hacking: What You Need to Know About Data Privacy and Security

Friday, October 23, 2015

Page 2

Jacqueline Harris, CPM®, CCIM®, Director of Training & Administration, Digital Realty

Kevin Bodell, Systems and Infrastructure Manager, City Creek Reserve, Inc.

Smart Chick Megan Orser, Smart Apartment Solutions

Page 3

BREAKING NEWS….CIA “HACKED”?

TUESDAY, OCTOBER 20, 2015

Page 4

“It’s no longer a matter of if a company gets hacked, it’s only a matter of when.”

Mark Stamford, OCCAMSEC

Page 5

Symantec found that 17 percent of all Android apps were actually malware in disguise.

Ransomware attacks grew 113 percent in 2014, along with 45 times more crypto-ransomware attacks.

New Mobile Vulnerabilities: 168 (2014), 127 (2013)

Ransomware Total: 24000 (2014), 11000 (2013)

Source: 2015 Internet Security Threat Report, Symantec

Page 6

Who is getting hacked.

Small Business

A recent infographic by Towergate Insurance said that last year, 97 percent of smaller businesses neglected to prioritize online security improvement for future business growth.

VS

Page 7

It’s not IF, It’s WHEN!

Page 8

Today’s Cyber Attacks

• Social Engineering
• Phishing
• Hacking
• Ransomware

Page 9

What is Social Engineering?

A non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.

Social engineering is one of the most effective ways to circumvent established security protocol.

Targets human “vulnerabilities” (helpfulness, fear, insecurity).


Page 11

“Hacking”: What’s at Risk for Property Managers?

• Building Management Systems
• Energy Management Systems
• Emergency Notification Systems
• Customer Portals
• Integrated Work Management Systems
• Poor Password Protection
• Unmonitored Access Points
• Rudimentary Software

Page 12

Ransomware

Midsize Businesses

The most common causes were malicious or criminal attacks (44 percent), followed by employee negligence (31 percent) and system glitches (25 percent).

The intent of the breach is usually information theft leading to financial gain, rather than so-called hacktivism,

Page 13

What is your exposure?

• Resident/Employees Files
• Social Security Number
• Driver’s License
• Major Credit Cards
• Credit Report
• Address History
• Employment History
• Business Reputation

Page 14

Prevent

•What is the risk?

•What is your exposure?

Prepare

•What can you do to prepare for the inevitable?

•What practical approaches can you take to minimize exposure?

Respond

•How do you minimize the impact to business as usual when it does happen?

•How do you mitigate risk once it’s happened?

Page 15

Data Classification

Level 1: Data that may be freely disclosed to the public. Example: Contact information, price lists.

Level 2: Internal data that is not meant for public disclosure. Example: Sales contest rules, organizational charts.

Level 3: Sensitive internal data that, if disclosed, could negatively affect operations. Example: Contracts with third-party suppliers, employee reviews.

Level 4: Highly sensitive corporate and customer data that, if disclosed, could put the organization at financial or legal risk. Example: Employee social security numbers, customer credit card numbers.

Prevent Prepare Respond

Page 16

Network & Physical Security Controls

• Network, Computer, and Email Access Controls
• Encryption
• Anti-Virus/Anti-Spyware
• Firewall and Internet Connection

Page 17

General Security Controls

• Visitor Policy
• Social Engineering
• Third party network security checks
• Network and Computer Backups

Page 18

“I’ve been hacked...”

Page 19

Respond

CONSIDER THE NUMBERS

• Average Organizational Cost of a Data Breach: $5.9 million
• Estimated Cost of a General Data Breach: $201 per compromised record

• Identify source & stabilize
• Notify impacted parties
• Be detailed, consistent & diligent with your reporting
• Review business loss insurance
• Develop plan to protect the company brand
• Commence “Customer Loyalty” activities
• Implement protocols to prevent future breaches
• Be ready to adjust & adapt quickly as new threats arise

Page 20

Future Predictions

• New forms of blackmailing & extortion schemes
• Ransomware for data theft
• Smart Machines
• Smart Offices or Business BMS Systems
• Increased threats at the power source (public utilities, old/outdated infrastructure, banking systems, financial institutions)

Are you and your organization protected?

Page 21

IREM Resources…

• “Are You Sitting on a Cyber Security Bombshell?”, Joseph Dobrian, JPM Sept/Oct 2015
• Before and After Disaster Strikes: Developing An Emergency Procedures Manual, 4th Edition, ©2012 IREM
• “What You Should Know About Cybersecurity Insurance,” © IREM Blog October 15, 2015