The Impact of COVID-19 on Information Security

1. _________________ A special webinar by FRSecure Hosted by: Evan Francen, FRSecure CEO With a TON of support from our team.

2. _________________ Agenda • Introductions. • Before we get started. • Our topics. • How to securely shift employees to remote work during social distancing. • Some of the current social engineering scams around COVID-19 and how to avoid them. • How to create or adjust your business's disaster recovery plan. • Where to go if/when you need help. #MissionBeforeMoney

3. _________________ Introductions You know me? Maybe you think you do… Evan Francen, FRSecure CEO (and chief introvert) • I do a bunch of information security stuff. • I started some things (FRSecure in 2008, SecurityStudio in 2017) • I create some things (S²Score, S²Org, S²Vendor, S²Team, S²Me, etc.) • I do some talks here and there (30ish/year, weekly UNSECURITY Podcast, etc.) • I do some writing (UNSECURITY published last year) • I do some teaching (CISSP Mentor Program, 6 students  1,000+ students) #MissionBeforeMoney

4. _________________ Introductions Who from FRSecure is here? Say “hi”, tell us your name and what you do… #MissionBeforeMoney

5. _________________ Before we get started. Some things to share with you. #1 – The current state of affairs. • Unprecedented events. • In less than two weeks, we’ve stepped into the Twilight Zone: • Schools are closed. • Travel is restricted. • Professional sports are on hold. • Gatherings of any scale are cancelled; theme parks, concerts, parties, weddings, etc. • No TP, hand sanitizer, canned goods, etc. #MissionBeforeMoney

6. https://github.com/CSSEGISandData/COVID-19/tree/master/csse_covid_19_data/csse_covid_19_time_series We’re NOT medical experts. We’re information security people, reason people, and mathy people. #MissionBeforeMoney

7. https://github.com/CSSEGISandData/COVID-19/tree/master/csse_covid_19_data/csse_covid_19_time_series #MissionBeforeMoney

8. _________________ Before we get started. Some things to share with you. Should you panic? • NO!!! • The math sort of tells us a couple things: • We (probably) haven’t turned the corner yet. • This will (probably) go on longer than you or I want it to. • We (probably) aren’t too late. • If you get infected (unlikely), it’s (probably) not a death sentence. .0019% of the US population has been infected (that we know). .000033% of the US population has not survived (that we know). The key is isolation. This is fine for an introvert like me, but not for everyone… In a welcome piece of good news about Covid-19, a team of infectious disease experts calculates that the fatality rate in people who have symptoms of the disease caused by the new coronavirus is about 1.4% https://www.statnews.com/2020/03/16/lower-coronavirus-death-rate-estimates/ #MissionBeforeMoney

9. _________________ Before we get started. Some things to share with you. #2 – My pledge. • I will NOT panic. • I will NOT give in to fear. • I WILL think things through. • I WILL make prudent decisions based upon the best (non-biased) information available. • I WILL be the person I’ve always been and learn to be better. • I WILL help my fellow humans whenever and however I can, putting my family first. • I will NOT use this (or anything else) to take advantage of people, and • I will NEVER put someone in danger if I can help it. #MissionBeforeMoney https://www.linkedin.com/posts/evanfrancen_coronavirus-panic-fear-activity-6645385153218703361-GJ9B

10. _________________ Before we get started. Some things to share with you. #3 – FRSecure Open Letter. • FRSecure's Commitment to You Regarding COVID-19 - March 16, 2020 Open Letter • Sent via email to all contacts on 3/16. • Posted to LinkedIn on 3/17 • Essentially, FRSecure is taking all prudent steps, we will be there for each other and all customers, and we expect no disruption to service. https://www.linkedin.com/pulse/frsecures-commitment-you-regarding-covid-19-march-16-evan-francen/ #MissionBeforeMoney

11. _________________ Before we get started. Some things to share with you. #4 – Ideas we’re kicking around. • FRSecure & SecurityStudio Daily inSANITY Check-in • Frequent webinars about the topics you tell us you want • Creating free tools and content you tell us you want/need and some stuff that we think you want/need. • We are, and will continue to be a stable and calm influence throughout the COVID-19 pandemic. • We will provide safe places for people to come and express opinions about information security (or anything else). Stay tuned. We tell you how to at the end. #MissionBeforeMoney

12. _________________ Before we get started. OK. Transition… We have other stuff to talk about too! • What is the impact of COVID-19 on information security? • How to securely shift employees to remote work during social distancing. • Some of the current social engineering scams around COVID-19 and how to avoid them. • How to create or adjust your business's disaster recovery plan. #MissionBeforeMoney

13. _________________ What is the impact of COVID-19 on information security? What is the impact of COVID-19 on information security? • Data doesn’t exist for many of the specifics, so we rely on our experiences and the (non-quantifiable) inputs we do have. • Based upon what we know about people, and the people who take advantage of people (attackers), this is what we know: • People are and will be (justifiably) distracted. • Attacks will increase in frequency, and maybe impact too. • From this, we created the bass and the barracuda diagrams to illustrate. Stick with me, I’ll explain… #MissionBeforeMoney

14. _________________ What is the impact of COVID-19 on information security? The Bass Don’t be a bass. #MissionBeforeMoney

15. _________________ What is the impact of COVID-19 on information security? The Barracuda Be a barracuda! The key is to maintain awareness. #MissionBeforeMoney

16. _________________ How to securely shift employees to remote work during social distancing. • Let’s discuss. • What are the best practices that all organizations should employ? • People. • Technological. • Physical. One idea to help you… #MissionBeforeMoney

17. _________________ A special webinar by FRSecure Hosted by: Evan Francen, FRSecure CEO With a TON of support from our team.

18. THE IMPACT OF COVID-19 ON INFOSEC PT. 2 WHERE WE LEFT OFF • How to communicate with vendors from home (especially if vendors are working from home too)? • How do you feel about letting users use their personal computer to connect to their organization’s computer such as LogMeIn? • What about old Windows 7 PC's? Probably shouldn’t use these for work, but could family use these for school? • How about connecting remote workers into their VM using a web interface/browser? Any issues to watch out for? • How would one harden against a split tunnel situation? • Any thoughts on required printing when working from home and potential for PII or other sensitive information? • Assuming this situation is temporary, what tools/techniques can you recommend to document the changes so that we don't miss undoing any of the adjustments we make to infrastructure, etc.? UNANSWERED Q&A FROM LAST SESSION #MissionBeforeMoney

19. _________________ How to securely shift employees to remote work during social distancing. • Let’s discuss. #MissionBeforeMoney

22. _________________ How to securely shift employees to remote work during social distancing. • Let’s discuss. Press release this morning that S2Me and S2Team are available at no cost. #MissionBeforeMoney

23. _________________ Quick Question (maybe two) What’s next… #MissionBeforeMoney

24. _________________ Some of the current social engineering scams around COVID-19 and how to avoid them. https://arstechnica.com/information- technology/2020/03/the-internet-is-drowning-in-covid-19- related-malware-and-phishing-scams/ https://www.modernhealthcare.com/cybersecurity/hackers- taking-advantage-covid-19-spread-malware https://globalnews.ca/news/6690907/coronavirus-peterborough- scams/ https://www.wxyz.com/news/national/coronavirus/police-warn-of-covid-19- scams-that-target-elderly-population-in-metro-detroit #MissionBeforeMoney

26. _________________ How to create or adjust your business's disaster recovery plan. • More discussion. • How many of us have a disaster recovery plan? • Of those who have them, how many are worth salvaging versus starting over? • Do pandemics usually go in a disaster recovery plan or a business continuity plan or both? • And maybe more… #MissionBeforeMoney

28. _________________ What now? Please let us know how we can serve you! • Contact us: • Web: https://frsecure.com/contact/ • Phone: 877-384-2069 • Follow us: • FRSecure Twitter: @frsecure • Evan Twitter: @evanfrancen • FRSecure LinkedIn: https://www.linkedin.com/company/frsecure-llc • Evan LinkedIn: https://www.linkedin.com/in/evanfrancen/ #MissionBeforeMoney Please be safe!