Your Organizational Security Probably Sucks by Theresa Miller 24x7 IT Connection, LLC
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Your Organizational Security Probably Sucks
by Theresa Miller24x7 IT Connection, LLC
www.24x7itconnection.com
Agenda• Memory Lane• Be prepared for “when”• Business Reputation Matters• What can you do? Large and small organization
Memory Lane
Memory Lane
Memory Lane
Memory Lane
It’s no longer “if” it will happen , but how prepared your organization will be “when” it happens.
What has changed?• Technology has been around for some time now• Black Hat Hackers• Financial data – Traditionally sought after• Medical data – Newer Target• http://blogs.citrix.com/2015/04/08/healthcare-past-present-f
uture/• Health data is worth 10 times more than credit card data on
the black market. Predicting $5.6 billion price tag for healthcare breaches this year.
Business Reputation Matters
Forbes http://www.forbes.com/sites/davelewis/2014/12/16/sony-pictures-data-breach-and-the-pr-nightmare/
SC Magazinehttp://www.scmagazine.com/a-look-at-anthems-pr-response-following-the-data-breach/article/396990/
Can we really protect our organizational data?
What Can I do? Large organization•Regular system patching and maintenance•Servers and Workstations• Includes all software that your organization uses•This will cover you for up to 80% of vulnerabilities•What about the remaining 20%?
What can I do? Large organization•Security checks with penetration testing at least twice per year!•Remediate, remediate, remediate
What can I do? Large organization•Retire the really old legacy systems•Typically cannot be patched•Use older security strategies that can be hacked
What can I do? Large organization•Have excellent backups and backups of the backups
What can I do? Large organization•Using more than one technology or a product that includes more than one layer of protection. •Email scanning• Intrusion Detection•Endpoint recording to watch for anomalies•Laptop encryption
What can I do? Large organization•Public Relations and Business Planning•Legal and PR playbook in order
What can I do? Any organization•Educate users to “think before they click”
I am just a small business, I cannotafford a complex security strategy!
What can I do? Small business•Protect your PC’s •Virus and malware scanning
What can I do? Small business•Choose a reputable hosted Service provider•Microsoft or Amazon
What can I do? Small business•Have good backups of data•Modern day attacks can even destroy your backups
What can I do? Small business•Public Relations and Business Planning
• Legal representation• Plan for public communication
There is no such thing as Zero risk
Protect your Organization From..• Advancements in Malware• Blackhat Hackers• Financial Theft• Medical Theft • What we did in the past, will no longer carry Our organizations into the future
Take Action Now!
Questions??
Related Documents
