This presentation was delivered in Session 1 and Session 2 of The Impact of COVID-19 on Information Security webinars delivered the week of 3/16. The purpose is to help people put information security into context during the COVID-19 pandemic and to help people make their necessary transitions.
The topics discussed were:
- Introductions.
- Before we get started.
--- #1 – The current state of affairs.
--- #2 – My pledge.
--- #3 – FRSecure Open Letter.
--- #4 – Ideas we’re kicking around.
- Topics:
--- What is the impact of COVID-19 on information security?
--- How to securely shift employees to remote work during social distancing.
--- Some of the current social engineering scams around COVID-19 and how to avoid them.
--- How to create or adjust your business's disaster recovery plan.
- Where to go if/when you need help.
1.
_________________
A special webinar by FRSecure
Hosted by: Evan Francen, FRSecure CEO
With a TON of support from our team.
2.
_________________
Agenda
• Introductions.
• Before we get started.
• Our topics.
• How to securely shift employees to remote work during social
distancing.
• Some of the current social engineering scams around COVID-19
and how to avoid them.
• How to create or adjust your business's disaster recovery plan.
• Where to go if/when you need help.
#MissionBeforeMoney
3.
_________________
Introductions
You know me? Maybe you think you do…
Evan Francen, FRSecure CEO (and chief introvert)
• I do a bunch of information security stuff.
• I started some things (FRSecure in 2008, SecurityStudio in 2017)
• I create some things (S²Score, S²Org, S²Vendor, S²Team, S²Me, etc.)
• I do some talks here and there (30ish/year, weekly UNSECURITY
Podcast, etc.)
• I do some writing (UNSECURITY published last year)
• I do some teaching (CISSP Mentor Program, 6 students 1,000+
students)
4.
_________________
Introductions
Who from FRSecure is here?
Say “hi”, tell us your name and what you do…
5.
_________________
Before we get started.
Some things to share with you.
#1 – The current state of affairs.
• Unprecedented events.
• In less than two weeks, we’ve stepped into the Twilight Zone:
• Schools are closed.
• Travel is restricted.
• Professional sports are on hold.
• Gatherings of any scale are cancelled; theme parks, concerts,
parties, weddings, etc.
• No TP, hand sanitizer, canned goods, etc.
6.
https://github.com/CSSEGISandData/COVID-19/tree/master/csse_covid_19_data/csse_covid_19_time_series
We’re NOT medical experts. We’re
information security people, reason
people, and mathy people.
8.
_________________
Before we get started.
Some things to share with you.
Should you panic?
• NO!!!
• The math sort of tells us a couple things:
• We (probably) haven’t turned the corner yet.
• This will (probably) go on longer than you or I want it to.
• We (probably) aren’t too late.
• If you get infected (unlikely), it’s (probably) not a death sentence.
.0019% of the US population has
been infected (that we know).
.000033% of the US population has
not survived (that we know).
The key is isolation.
This is fine for an introvert like
me, but not for everyone…
In a welcome piece of good news about Covid-19, a team of infectious
disease experts calculates that the fatality rate in people who have
symptoms of the disease caused by the new coronavirus is about 1.4%
https://www.statnews.com/2020/03/16/lower-coronavirus-death-rate-estimates/
9.
_________________
Before we get started.
Some things to share with you.
#2 – My pledge.
• I will NOT panic.
• I will NOT give in to fear.
• I WILL think things through.
• I WILL make prudent decisions based upon the best (non-biased) information
available.
• I WILL be the person I’ve always been and learn to be better.
• I WILL help my fellow humans whenever and however I can, putting my family first.
• I will NOT use this (or anything else) to take advantage of people, and
• I will NEVER put someone in danger if I can help it.
https://www.linkedin.com/posts/evanfrancen_coronavirus-panic-fear-activity-6645385153218703361-GJ9B
10.
_________________
Before we get started.
Some things to share with you.
#3 – FRSecure Open Letter.
• FRSecure's Commitment to You Regarding COVID-19 - March 16, 2020
Open Letter
• Sent via email to all contacts on 3/16.
• Posted to LinkedIn on 3/17
• Essentially, FRSecure is taking all prudent steps, we will be there
for each other and all customers, and we expect no disruption to
service.
https://www.linkedin.com/pulse/frsecures-commitment-you-regarding-covid-19-march-16-evan-francen/
11.
_________________
Before we get started.
Some things to share with you.
#4 – Ideas we’re kicking around.
• FRSecure & SecurityStudio Daily inSANITY Check-in
• Frequent webinars about the topics you tell us you want
• Creating free tools and content you tell us you want/need and some
stuff that we think you want/need.
• We are, and will continue to be a stable and calm influence
throughout the COVID-19 pandemic.
• We will provide safe places for people to come and express opinions
about information security (or anything else).
Stay tuned.
We tell you how to at the end.
12.
_________________
Before we get started.
OK. Transition…
We have other stuff to talk about too!
• What is the impact of COVID-19 on information security?
• How to securely shift employees to remote work during social
distancing.
• Some of the current social engineering scams around COVID-19 and
how to avoid them.
• How to create or adjust your business's disaster recovery plan.
13.
_________________
What is the impact of COVID-19 on information security?
• Data doesn’t exist for many of the specifics, so we rely on our
experiences and the (non-quantifiable) inputs we do have.
• Based upon what we know about people, and the people who take
advantage of people (attackers), this is what we know:
• People are and will be (justifiably) distracted.
• Attacks will increase in frequency, and maybe impact too.
• From this, we created the bass and the barracuda diagrams to
illustrate.
Stick with me, I’ll explain…
14.
_________________
What is the impact of COVID-19 on information security?
The Bass
Don’t be a bass.
15.
_________________
What is the impact of COVID-19 on information security?
The Barracuda
Be a barracuda!
The key is to maintain
awareness.
16.
_________________
How to securely shift employees to remote work during
social distancing.
• Let’s discuss.
• What are the best practices that all organizations should employ?
• People.
• Technological.
• Physical.
One idea to help you…
17.
_________________
A special webinar by FRSecure
Hosted by: Evan Francen, FRSecure CEO
With a TON of support from our team.
18.
THE IMPACT OF COVID-19 ON INFOSEC PT. 2
WHERE WE LEFT OFF
UNANSWERED Q&A FROM LAST SESSION
• How to communicate with vendors from home (especially if vendors are working from home too)?
• How do you feel about letting users use their personal computer to connect to their organization’s computer such as LogMeIn?
• What about old Windows 7 PCs? Probably shouldn’t use these for work, but could family use these for school?
• How about connecting remote workers into their VM using a web interface/browser? Any issues to watch out for?
• How would one harden against a split tunnel situation?
• Any thoughts on required printing when working from home and potential for PII or other sensitive information?
• Assuming this situation is temporary, what tools/techniques can you recommend to document the changes so that we don't miss undoing any of the adjustments we make to infrastructure, etc.?
19.
_________________
How to securely shift employees to remote work during
social distancing.
• Let’s discuss.
22.
_________________
How to securely shift employees to remote work during
social distancing.
• Let’s discuss.
Press release this morning that S2Me and S2Team are available at no cost.
24.
_________________
Some of the current social engineering scams around COVID-19 and
how to avoid them.
https://arstechnica.com/information-technology/2020/03/the-internet-is-drowning-in-covid-19-related-malware-and-phishing-scams/
https://www.modernhealthcare.com/cybersecurity/hackers-taking-advantage-covid-19-spread-malware
https://globalnews.ca/news/6690907/coronavirus-peterborough-scams/
https://www.wxyz.com/news/national/coronavirus/police-warn-of-covid-19-scams-that-target-elderly-population-in-metro-detroit
26.
_________________
How to create or adjust your business's disaster recovery
plan.
• More discussion.
• How many of us have a disaster recovery plan?
• Of those who have them, how many are worth salvaging versus
starting over?
• Do pandemics usually go in a disaster recovery plan or a business
continuity plan or both?
• And maybe more…