Protecting Your Small Business In The Digital World
SAGE N CLEMENTS, SEC +
SAGE’S COMPUTER REPAIR, CEO
About Sage: Busy Guy
• Been In The IT Field for 15 years
• Owner of Sage’s Computer Repair
• Security + Designation from CompTIA, Currently working on CISSP
• Technology Underwriter for Fortune 500 Company
• Specialize in Loss Control, Claims Handling and Cyber/Network Security Liability Insurance
About Sage: Loves to Play
Hobbies Include: Programming, Reverse Engineering and Watching Wrestling (It’s still real to me)
Agenda
What is a Data Breach?
Data Breach Statistics (DBIR)
Who Are The Players?
Why Are Small Businesses at Risk?
Reducing Attack Surface (Tips)
Questions?
What Is a Data Breach?
A Data Breach is the Intentional or Unintentional release of private or sensitive information
Personally Identifiable Information
Private or Sensitive Information
• IP Addresses
• Phone Numbers
• Addresses
• Passwords
• Credit Card Number
• Non-Disclosure Agreements
• Date of Birth
• Intellectual Property
• Full Name
• Financials
• Social Security Number
• Email
• Medical
• Trade Secrets
• Source Code
• Personnel Records
Rule #1: Data Breach Is Not Just An Online Risk
Data Breach
• Hacking
• Phishing
• Dumpster Diving
• Improper Disposal of Documents
• Shoulder Surfing
• Theft Of Equipment
• Breaking and Entering
• Unencrypted Mobile Devices
• Social Engineering
• Employees
• Piggybacking
• Unencrypted Documents
• Malware
• Weak Passwords
• Outdated Software / OS
• POS Skimmers
• Ransomware
• Lack Of IDS/IPS Systems
2015: A Year In Review
• Over 5,800 Breaches Reported
• More Than 857 Million Records Compromised
• Phishing contributed to more than 35% of Reported Breaches
• Phishing is on the Rise!!
*As Reported by ITRC http://www.idtheftcenter.org/ITRC-Surveys-Studies/2015databreaches.html
What is Your Password?
Threat Actors
• Career Hackers
• Activists
• Script Kiddies
• Employees
• Nation States
• Competitors
• Extortionists
• Organized Crime
Myths About Security
“Too Expensive”
“It won’t happen to me”
“AV will protect me”
“I don’t surf bad sites”
“Not my responsibilities”
Financial Impact
• The average cost per compromised record in the US is $268
• Computer Forensic Services ~ $250 - $350 per hour
• Ransomware payments can be expensive
• The average defense cost for litigation matters is approximately $60,000
• More than 60% of Small Businesses close within 24 months after experiencing a breach
• Approximately 90% of businesses down for 10 days or more do not recover
• Regulatory Fines Are Projected to be More Frequent going forward
Rule #2: Big Or Small No One Is Immune
2015 Data Breaches
High Profile
• Scottsdale – 4.6M
• T-Mobile/Experian – 15M
• Georgia Secretary of State – 6M
• Office of Personnel Management/US Government – 21.5M
• Excellus Blue Cross Blue Shield – 10M
• Anthem – 78.8M
Low Profile
• Harel Chiropractic, WI – 3,000
• Cuesta College, CA – 4,000
• Blue Zebra Sports – 1,218
• SRI, Inc – 9,000
• Securus Technologies – 63,000
Why Should It Matter?
• Small Businesses Are High Targets
• Low Hanging Fruit
• Investment in Security is Low
• High Volume of Sensitive Data
• Negative Attitude towards Information Security
• Employees Are More Susceptible to Social Engineering Attacks
• Lack Of Security Training
• Personal & Company Information is Readily Available on Social Sites
• Poor Backup Solutions
Rule #3: Understand The Weakness Of Your Business and Apply Proper Controls
Reducing Attack Surface
Physical
Network
Annual Audits
Reducing Attack Surface - Network
• Use Complex Passwords
• Keep Operating System Updated
• Keep Anti-Malware Definitions Updated
• Keep Sensitive Data on a Separate Network
• Implement 2-Factor Authentication
• Limit Admin Access
• Terminate Access & Credentials
• Encrypt Computers With Sensitive Data
• Keep Vendor Access Separate From Sensitive Network
• Back Up Data to Off-Site Source and Test Routinely
• Be cautious of what you and employees put on social media
2 Factor Authentication
Something You Have
• Authentication Card
• Token
• Phone
• Email
Something You Know
• Password
• PIN
• Passphrase
• User Name
Something You Are
• Biometrics
• Finger Print
• Retinal
[Diagram: the three categories shown as overlapping regions, with the overlaps labeled 2F, 2F, 2F and 3F]
Reducing Attack Surface - Physical
• Shred Sensitive Documentation
• Limit Outsider Access to Sensitive Areas
• Implement Locks on Outside Trash Cans
• Use Locks to Secure Computers
• Encrypt Mobile Devices and Computers
• Secretary to greet (change wording)
Reducing Attack Surface - Email
• Do Not Open Attachments from Unfamiliar Senders
• Train Employees on Suspicious Emails
• Simulate Phishing Email Campaigns Routinely
• If Sensitive Data Must Be Emailed, Encrypt Prior to Sending or Use an Encrypted Portal Service
Reducing Attack Surface - Audits
Physical
• Access Premise
• Shoulder Surfing
• Dumpster Diving
• Cloning Credentials
• Tailgating
Vulnerability Assessments
• Non-invasive Network Scans
• Outdated Software
Penetration Testing
• Invasive Network Scans
• DOS/DDOS
• Brute Force
• Exploitation
• Exfiltration of Data
Social Engineering
• Phishing
• Whale Phishing
• Targeting Disgruntled Employees
• Social Media Profiles
• Background Procedures
Recap
• Remember the 3 Rules
  • Data Breach is Not Just an Online Risk
  • No one is Immune to a Data Breach
  • Understand The Weakness of Your Business and Apply Proper Controls
• Have a Business Continuity Plan in Place
• Reduce Your Attack Surface
• Consistency is the key
Questions?
Sage N Clements, Sec +
Email: [email protected]
Follow us on Twitter: @SagesCompRepair
We Are On G+:
Like Us On Facebook: https://www.facebook.com/sagescomputerrepair/
Resources
• Identity Theft Resource Center - http://www.idtheftcenter.org/
• Verizon Data Breach Investigation Report - http://www.verizonenterprise.com/DBIR/