Security in 10 slides
IT Security best practice

Published in: Technology, Business

Transcript

  • 1. Secure your Business In 10 slides by Sec4Bizz
  • 2. Summary
    • How to secure your business in 10 slides gives you tips and tricks to improve your security, with a focus on IT but also on best practices for your information.
    • Security is a long list of best practices, but we highlight here basic recommendations that are often forgotten, especially in the small-business world.
    • We will not cover how to get an online presence or deploy IT infrastructure, but some tips may require IT knowledge.
    • We will not go into much detail about what you are missing if you don’t think about these best practices ;)
  • 3. Physical security
    • Think about a safe that protects against fire. You can also store a copy of your backup in it. Some banks offer this service.
    • Think about objects left unsecured in your office that a visitor could access (e.g. it is easy to copy an unprotected key, install a key logger, etc.).
    • Secure your laptop with a cable lock; prefer a keyed model, and think about the code (if any) when the lock is left open…
    • Secure your removable media (tape, USB, …), not only because they can be stolen but also because they are easy to copy or to infect.
    • By default, a workstation or laptop can be copied in a few seconds and a brute-force attack performed at a later stage… or…
  • 4. Network Security
    • A wired network can be extended by an intruder; be sure to control Wi-Fi (but not only Wi-Fi…) around your office.
    • Be sure to have a process in place for stolen devices (e.g. remote VPN boxes, Wi-Fi devices).
    • Think about your Wi-Fi protection plan (a MAC address can be copied, a passphrase can be stored on a Wi-Fi device… sometimes in clear form…).
    • VoIP is not always encrypted…
    • Be sure that your switch will not fall into a « hub mode » in case of a network mistake (permitting sniffing).
    • One of the basics: if you don’t need something, disable it… (IPv6, Power over Ethernet…)
    • NEVER rely on a default installation.
    • Be sure of the provenance of any device you have to trust…
    • Take care when you are connected to a public hotspot… or free Wi-Fi…
  • 5. Secure e-mail
    • Implement an SPF record (spammers?): http://www.openspf.org/
    • Use an e-mail certificate (to prove your identity)
      • Some providers offer them for free: http://www.instantssl.com/ssl-certificate-products/free-email-certificate.html
      • Some citizens have this ability: Belgian eID card…
    • Small businesses will benefit from an e-mail hosting solution rather than maintaining their own e-mail infrastructure (mail hosting, antivirus, spam, anti-spam, archiving, securing the infrastructure…).
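The SPF recommendation on this slide only helps if the published record is strict. The following is an added example, not part of the original slides: a small Python linter that applies RFC 7208 rules to a record string and reports common weaknesses. The function name `lint_spf` and the `example.com`/`example.net` records are constructed for illustration.

```python
# Added example: lint an SPF TXT record for common weaknesses (RFC 7208 rules).
# Function names and sample records are constructed for illustration.

LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists")  # each costs a DNS lookup
MAX_LOOKUPS = 10                                        # RFC 7208 section 4.6.4


def lint_spf(record):
    """Return a list of findings for one SPF record string (empty list = clean)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record: must start with v=spf1"]
    findings, lookups, all_seen, has_redirect = [], 0, False, False
    for term in terms[1:]:
        lowered = term.lower()
        if "=" in lowered.split(":")[0]:        # modifier such as redirect= or exp=
            if lowered.startswith("redirect="):
                has_redirect, lookups = True, lookups + 1
            continue
        if all_seen:                            # mechanisms after 'all' never match
            findings.append(f"'{term}' comes after 'all' and is ignored")
            continue
        qualifier = lowered[0] if lowered[0] in "+-~?" else "+"
        name = lowered.lstrip("+-~?").split(":")[0].split("/")[0]
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "ptr":
            findings.append("'ptr' is slow and unreliable; RFC 7208 says not to use it")
        if name == "all":
            all_seen = True
            if qualifier == "+":
                findings.append("'+all' authorises every host on the internet")
            elif qualifier == "?":
                findings.append("'?all' is neutral: forged mail is not rejected")
    if not all_seen and not has_redirect:
        findings.append("no 'all' term: unmatched senders get a neutral result")
    if lookups > MAX_LOOKUPS:
        findings.append(f"{lookups} DNS lookups exceeds the limit of {MAX_LOOKUPS}")
    return findings


if __name__ == "__main__":
    samples = {  # constructed records for the placeholder domain example.com
        "weak": "v=spf1 mx include:_spf.example.net +all",
        "hardened": "v=spf1 mx include:_spf.example.net -all",
    }
    for label, record in samples.items():
        print(label, lint_spf(record) or "OK")
```

Run it against the TXT record you actually publish; an empty result means none of these checks fired, not that the record lists the right senders.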
  • 6. Secure document
    • In the past, many documents had to be stamped and signed. This can now be done for electronic documents. Any Belgian citizen can digitally sign the PDFs he produces using his citizen card (e.g. invoices…).
    • Use a shredder to destroy documents. Do this for every document you no longer need that carries any of your identity (or personal) information.
    • Destroy any form of electronic media when it is no longer needed.
    • Think about un-formatting of devices (USB, HD, PC).
    • Think about the second life of your devices (hard-reset your smartphone, etc.).
    • Also ask yourself: « What if I lose this medium? What data could be stored on it? » Do you trust all repair services?
  • 7. Yourself
    • Avoid advertising on your bag.
    • You cannot always be at your electronic device; think in advance about what you would do when that is the case (what is the best alternative at that precise moment? Don’t be unprepared).
    • Use a different password on each system, or at least a different password per category of systems.
    • Change your habits; do not always act in the same way (use different OSes, tools, …).
    • Don’t be scared! But look at what you eat, drink… or touch!
    • Don’t be scared! But keep in touch with security professionals, because the world is evolving fast.
  • 8. Others
    • Use the tools provided to your business, e.g. in Belgium:
      • http://www.ejustice.just.fgov.be/tsv_pub/index_f.htm
      • http://www.bnb.be/pub/Enterprises.htm?l=fr
    • Social networks are very useful for learning more about others (and you…):
      • www.linkedin.com
      • Or even facebook
      • Do a search on google…
    • Caller ID (the phone number that is calling you) is no longer a reliable reference, because VoIP can misrepresent it.
    • Take care with what cloud computing offers; not all providers are prepared for confidentiality, availability and integrity.
  • 9. Monitoring – Reporting - Legal
    • Use strong Syslog servers.
    • Report any phishing: [email_address]
    • Do a « whois » in case of a fraudulent act and report it to the abuse e-mail address of the domain.
    • Private life: in Belgium we have http://www.privacycommission.be; this is useful for all those devices, databases, cameras… that are useful for security but also touch on privacy.
    • Cybercrime: e.g. https://www.ecops.be
  • 10. Final word
    • Technology
      • We have a large range of technology tools and devices that can be used to protect ourselves but can also be turned against us. It is important to know this and to adopt an attitude that takes into account both the good side (need to use) and the bad side (need to protect).
    • Social life
      • Not all companies, people or partners have the same attitude towards security. It is important to be aware of the level your partner applies and to adapt your own « relationship » to your partner’s security level. Put all the chances on your side to avoid mistakes by being well aware of potential threats, without falling into psychosis.
    André Debilloëz, ade@sec4bizz.com