Veterans in Business (VIB) Network Conference Left Brain Professionals Inc. All businesses face cybersecurity issues. Defense contractors must meet the requirements outlined in NIST (SP) 800-171 R1 by December 31, 2017. Learn best practices all businesses can use to secure their networks and protect their data. We guarantee you’ll walk away with tools you can easily implement today.

1. Cybersecurity – Keeping Your
Business Protected
Robert E. Jones
CPA, CPCM, NCMA Fellow

2. Positive Share

3. Safety Check

6. Incident % of
Organizations
Phishing attack successful in infecting network with malware 37%
Successful ransomware attack 24%
Malware infiltrated system, unknown entry point 22%
Sensitive info accidently leaked through email 22%
Successful drive-by attack from employee web surfing 21%
Senior executive tricked into fraud by email scheme 12%
Senior executive systems infected with malware 10%
Sensitive info maliciously leaked through email 7%
Sensitive info leaked through cloud service such as Dropbox 6%
Sensitive info leaked through social media/cloud application 2%
Sensitive info leaked, unknown cause or source 2%
None of the above occurred or unaware of occurrence 25%

7. Threats
Cybercriminals
Nation-states
Employees

8. Tactics
Phishing
Drive-by
Brute force

9. Risks
Embarrassment
Loss of public trust/reputation
Loss of business, revenue, and profit
Legal or financial claims

10. Compliance Requirements
Contract clause
(PCI, PII, PHI)
Government contract clauses
FAR 52.204-21
DFARS 252.204-7012

11. Frameworks
CIS/SANS 20
ISO/IEC 27001/27002
COBIT 5
SEC Cybersecurity*
Trust Services Criteria*
NIST (SP) 800-171 R1**
*May be required for public entities **Required for DFARS 252.204-7012

12. NIST 5 Functional Areas

13. Common Framework Categories
Access Control
Awareness and Training
Audit and Accountability
Configuration Management
Identification and Authentication
Incident Response
Maintenance

14. Common Framework Categories
Media Protection
Personnel Security
Physical Protection
Risk Assessment
Security Assessment
System and Communications Protection
System and Information Integrity

15. What to Protect
Corporate Network
Email
Mobile Devices
Cloud Storage
Online Accounts
Social Media
Apps and IoT

16. How to Protect
A number of free and inexpensive tools
Security enhanced and some compliance achieved
simply by activating tools provided

17. Physical Security
Secure the perimeter and entryways
Secure interior access
Beyond lobby
Sensitive areas
Server room
Visitor logs and badges

18. Firewalls
Hardware & Software
Change default Admin ID &
Password
Barracuda
SonicWall

19. Network Security
Close unused ports
Limit access or connection
with external systems
Solarwinds
Device42

20. WiFi
Separate guest network
Change default Admin ID
and password
Avoid public WiFi
Use VPN
Xirrus

21. VPN
Secure connection to your
server
Secure connection for
general usage
NordVPN
PureVPN
SaferVPN
Vyprvpn

22. Mobile Devices
PIN
Remote Wipe
Mobile Software
WiFi and Bluetooth
Use VPN
Avira
Lookout
McAfee Mobile

23. OS Updates
Windows
Mac
Apple
Android

24. Virus Protection
Virus & malware protection
on all devices:
Servers, PCs, laptops,
tablets, & phones
AVG
Eset
Kaspersky
Malware Bytes
McAfee

25. Firmware Updates
Firewalls
Routers
Switches
Other IoT devices

26. IoT Devices
Copiers
Scanners
Echo
Smart TVs

27. Encrypt Website
Use SSL on your own
website
Only shop and enter info
on https websites
Comodo
DigiSign
GlobalSign
VeriSign

28. Passwords
Complex Pass Phrases
Password Tools
Dashlane
Keeper
Lastpass
OneLogin
SplashID

29. MFA/2FA
Multifactor authentication
2 out of 3:
Something you know
Something you are
Something you have
Yubico
Digital Certificate
Text Messages
Authenticator
App

30. Email
Separate business and
personal accounts
Enable MFA
Personal:
Gmail
Outlook.com

31. Cloud Storage
Separate business and
personal accounts
Enable MFA
Personal:
Box
Dropbox
Google Drive
iCloud

32. Online Accounts
Bank
Credit card
Utility
Shopping
Bill payment
Enable MFA
Use separate
email

33. Audits & Certification
US Government does not accept any audit report
or third-party certification
Many primes require an audit or third-party
verification

34. Due Diligence
Need to show good faith, due diligence effort
towards compliance

35. Contact
Robert E. Jones
(614) 556-4415
robert@leftbrainpro.com

36. Resources
FAR 52.204-21
DFARS 252.204-7012
NIST (SP) 800-171 R1
FAQ
DPAP Memo
Others from WC17 and SAME