Compliance & Security for the SME
 


Compliance & Security for the SME in a digitally connected world. Presented at Infosecurity Europe 2013.

  • SMEs are different from large organisations, not in the security threats they face, which are the same, but in the way they operate. SMEs don't need the paper and labour-intensive controls that big companies like. SMEs need cashflow, development and innovation, yet they lack knowledge, motivation and money. Security simply is not a priority purchase and is seen as someone else's problem, often that of the “web person” or the part-time IT person. They are the soft underbelly of business, the easy target.
  • IT and the business? How about “the business”?
  • Control access to information through access control, rights etc. Running a backup is not enough. An untested backup is like a car with no keys. You have it but you don’t know if you can use it when you need it.

Compliance & Security for the SME: Presentation Transcript

  • Protecting Clients’ Assets and Brand Reputation Compliance & Security for the SME
  • Definition of an SME: An SME is defined as:
    • Turnover of less than £5 million
    • Less than 250 employees
  • THE SME NOW
  • The Pain
    • 80% of malware easily targets the SME
    • 70%+ of SMEs are trivially breached
    • 75% of breached SMEs will close
    • Misplaced accountability
    • Vendor confusion
  • SME view of Compliance
    • I know I need to “do” Data Protection but I don’t understand it
    • My web designer does my website
    • What's a cookie?
    • My bank does my PCI
    • How many pages?
  • SME view of Information Security
    • I have [often free] anti-virus, that stops all attacks
    • My ISP stops hackers
    • Windows update takes too long
    • What are application updates?
    • I won't get hacked, I am too small?
    • Have you seen this funny cat picture?
  • WHAT HAS BEEN OBSERVED
  • 5 Common Obligations
    1. Data Protection Act 1998
    2. Privacy and Electronic Communications Regulations 2003
    3. Payment Card Industry Data Security Standard
    4. Consumer Protection (Distance Selling) Regulations 2000
    5. Email Privacy and CAN-SPAM
  • 5 Common Failings
    1. Weak passwords
    2. [insert name here] cloud storage
    3. No idea what information is held
    4. AV/AM out of date by six months
    5. Great looking website, shame about….
  • WHAT CAN WE DO
  • Starting a Change
    • IT is a business enabler, not a business. Let's talk business.
    • Stop using the latest buzz words.
    • Compliance is NOT Security
    • Look long term
  • Help SMEs to
    • Control Access to Information
    • Make Regular Backups & Test!
    • Prevent Data Theft
    • Protect Assets
    • Strengthen Physical Security
    • Educate and Train Staff
    • Plan for Information Security
    • Handle Security Incidents
  • Hedgehog provides
    • Vulnerability Management
    • Regular Penetration Testing
    • IASME consulting
    • ISO 27001 consulting
    • Information Security Management