Security in 10 slides

Secure your Business In 10 slides by Sec4Bizz

Summary
How to secure your business in 10 slides will give you tips and tricks to improve your security with a focus on IT but also on best practice about your information’s.
Security is a long list of best practice but we will highlight here basic recommendation’s that are often forgotten, especially in the small business world.
We will not cover how to get an online presence or deploy IT infrastructure. But some tip’s could require IT knowledge.
We will not detailed too much the lack if you don’t think about these best practices ;)

Physical security
Think about a safe bolts that protect against fire. You can also store a copy of your backup in it. Some bank are offering this service.
Think about object that are left unsecured in your office that a visitor could access (i.e. it’s easy to copy a unprotected key, install a key logger etc…)
Secure your laptop by using a cable lock, prefer a key one model and think about the code (if any) when left opened …
Secure your removable media (tape, USB, …). Not only because they can be stolen, but they are easy to copy or to infect.
Copying workstation or laptop can be done by default in few seconds and perform brut force attack a later stage … or…

Network Security
Wired network can be extended by an intruder, be sure to control wifi (but not only wifi…) around your office.
Be sure to have in place a process in case of stolen device (ie remote VPN boxe’s, wifi device)
Think about your wifi protection plan (mac address can be copied, passphrase can be stored on wifi device … some time in a clear form…)
VOIP is not always encrypted…
Be sure that your switch device will not fall into an « hub mode » in case of network mistake (permitting sniffing)
One of the basis: if you don’t need something disable it … (IPV6 , power over ethernet…)
DO NEVER rely on default installation
Be sure of the provenance of any device you have to trust …
Take care when you are connected on public hotspot…. Or free wifi…

Secure e-mail
Implement SPF record (spammer’s ?) : http://www.openspf.org/
Use e-mail certificate (to prove your identity)
Some are offering free : http://www.instantssl.com/ssl-certificate-products/free-email-certificate.html
Some citizen can provide the ability : Belgian eID card …
Small Business will benefit of e-mail hosting solution’s rather than maintaining their own e-mail infrastructure (Mail hosting, antivirus, spam, anti-spam, archiving, securing the infra…)

Secure document
In the past, many documents had to be stamped and signed. This can now be done for electronic document. Any Belgian citizen can digitally sign PDF produced, using his Citizen Card (ie invoice,…)
Use shredder to destruct document. Do this for all document’s, that you don’t need, where any of your identity (or personal info) is.
Destruct any form of electronic support when not needed anymore.
Think about un-formatting device (USB, HD, PC)
Think about second life of your device (hard reset smartphone etc..)
Also think « What if I loose this support, what data could be stored here ? ». Do you trust all repair services ?

Yourself
Avoid publicity on your bag
You cannot always be behind your electronic device, think before what could you do when it will be the case (what is the best alternative at this precise time, don’t be un-prepared)
Use different password on systems or at least different password by category of system’s.
Change your habits, do not do act in the same way (use different OS, Tools, …)
Don’t be scared! But look at what you eat, drink…or touch!
Don’t be scared! But keep you in touch with security pro because the world is evolving fast.

Other’s
Use tools provided to your business, ie in belgium:
http://www.ejustice.just.fgov.be/tsv_pub/index_f.htm
http://www.bnb.be/pub/Enterprises.htm?l=fr
Social network are very usefull to know more about other’s (and you…):
www.linkedin.com
Or even facebook
Do a search on google…
Caller ID (phone number that calling you) is not anymore a reference because VOIP could mistake them
Take care of what the Cloud computing is offering, they are not all prepared about confidentiality, availability and integrity.

Monitoring – Reporting - Legal
Use strong Syslog server’s
Report any phishing : [email_address]
Do a « whois » in case of fraudulent act and report to the abuse e-mail address from the domain.
Private live: In Belgium we have http://www.privacycommission.be this is useful for all these device, DB, camera … that are usefull in security but also concern in private life secret.
Cyber criminality : ie https://www.ecops.be

Final word
Technology
We have a large panel of technology tools and devices that can be used to protect our self but also run against us. It’s important to know about this and to adopt a compliant attitude shared by the good side (need to use) and the bad side (need to protect).
Social life
Not all company/people/partner have the same attitude against security. It’s important that you are aware of the level considered by your partner and to adopt your own « relationship » regarding your partner security level. Take all the chance in your side to avoid mistake by being much aware of potential threats but not falling into a psychoses.
André Debilloëz, ade@sec4bizz.com

Security in 10 slides

by Andre Debilloez on Sep 04, 2011

Accessibility

Categories

Upload Details

Usage Rights

1 Embed 203

Statistics

Security in 10 slides — Presentation Transcript