Security in 10 slides


IT Security best practice

Published in: Technology, Business

  1. Secure your Business in 10 slides, by Sec4Bizz
  2. Summary
     • How to secure your business in 10 slides: tips and tricks to improve your security, with a focus on IT but also on best practice for handling your information.
     • Security is a long list of best practices; here we highlight basic recommendations that are often forgotten, especially in the small-business world.
     • We will not cover how to get an online presence or deploy IT infrastructure, but some tips may require IT knowledge.
     • We will not go into much detail about what you are exposed to if you don't think about these best practices ;)
  3. Physical security
     • Think about a safe that protects against fire. You can also store a copy of your backup in it. Some banks offer this service.
     • Think about objects left unsecured in your office that a visitor could access (e.g. it is easy to copy an unprotected key, install a key logger, etc.).
     • Secure your laptop with a cable lock; prefer a keyed model, and think about the code (if any) when the lock is left open…
     • Secure your removable media (tape, USB, …), not only because they can be stolen, but because they are easy to copy or to infect.
     • By default, a workstation or laptop can be copied in a few seconds, and a brute-force attack performed at a later stage … or…
  4. Network Security
     • A wired network can be extended by an intruder; be sure to control wifi (but not only wifi…) around your office.
     • Be sure to have a process in place for stolen devices (e.g. remote VPN boxes, wifi devices).
     • Think about your wifi protection plan (a MAC address can be copied, a passphrase can be stored on a wifi device … sometimes in clear form…).
     • VoIP is not always encrypted…
     • Be sure that your switch will not fall into a « hub mode » in case of a network error (which permits sniffing).
     • One of the basics: if you don't need something, disable it … (IPv6, Power over Ethernet…).
     • NEVER rely on a default installation.
     • Be sure of the provenance of any device you have to trust…
     • Take care when you are connected to a public hotspot … or free wifi…
  5. Secure e-mail
     • Implement an SPF record (spammers?) :
     • Use an e-mail certificate (to prove your identity)
        • Some are offered for free :
        • Some citizens already have the ability: Belgian eID card …
     • Small businesses will benefit from hosted e-mail solutions rather than maintaining their own e-mail infrastructure (mail hosting, antivirus, spam, anti-spam, archiving, securing the infrastructure…).
  6. Secure document
     • In the past, many documents had to be stamped and signed. This can now be done for electronic documents. Any Belgian citizen can digitally sign the PDFs he produces (e.g. invoices, …) using his Citizen Card.
     • Use a shredder to destroy documents. Do this for every document you no longer need that carries any of your identity (or personal information).
     • Destroy any form of electronic media when it is no longer needed.
     • Think about un-formatting of devices (USB, HD, PC).
     • Think about the second life of your devices (hard-reset a smartphone, etc.).
     • Also think: « What if I lose this medium, what data could be stored on it? ». Do you trust all repair services?
  7. Yourself
     • Avoid publicity on your bag.
     • You cannot always be behind your electronic device; think beforehand about what you could do when that is the case (what is the best alternative at that precise time; don't be unprepared).
     • Use a different password on each system, or at least a different password per category of system.
     • Change your habits; do not always act in the same way (use different OSes, tools, …).
     • Don't be scared! But look at what you eat, drink … or touch!
     • Don't be scared! But keep in touch with security professionals, because the world is evolving fast.
  8. Others
     • Use the tools provided to your business, e.g. in Belgium:
     • Social networks are very useful for finding out more about others (and you…):
        • Or even Facebook
        • Do a search on Google…
     • Caller ID (the phone number that is calling you) is no longer a reliable reference, because VoIP can misrepresent it.
     • Take care with what Cloud computing offers; not all providers are prepared for confidentiality, availability and integrity.
  9. Monitoring – Reporting – Legal
     • Use strong Syslog servers.
     • Report any phishing : [email_address]
     • Do a « whois » in case of a fraudulent act and report it to the abuse e-mail address of the domain.
     • Private life: In Belgium we have this is useful for all these devices, DBs, cameras … that are useful in security but also concern the secrecy of private life.
     • Cyber criminality : ie
  10. Final word
     • Technology
        • We have a large range of technology tools and devices that can be used to protect ourselves but can also be turned against us. It is important to know about this and to adopt a compliant attitude that takes in both the good side (need to use) and the bad side (need to protect).
     • Social life
        • Not every company, person or partner has the same attitude towards security. It is important that you are aware of the level your partner works to and that you adapt your own « relationship » to your partner's security level. Put all the chances on your side to avoid mistakes by being well aware of potential threats, but without falling into psychosis.

André Debilloëz,
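
Slide 5 recommends implementing an SPF record. The following added example (not part of the original slides) lints the TXT records published for a domain and flags the settings that leave an SPF record ineffective; the records, `example.net` names and 192.0.2.0/24 range are constructed sample values.

```python
import re

# Terms that each cost one DNS query; RFC 7208 section 4.6.4 caps the total at 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def lint_spf(txt_records):
    """Return a list of findings for the TXT records published at one domain."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers treat this as permerror"]
    findings, lookups, seen_all, has_redirect = [], 0, False, False
    for term in spf[0].lower().split()[1:]:
        m = re.match(r"([+\-~?]?)([a-z][a-z0-9]*)([:=/]?)", term)
        if not m:
            findings.append(f"unparseable term: {term}")
            continue
        qualifier, name, sep = m.group(1) or "+", m.group(2), m.group(3)
        if seen_all:
            if sep != "=":  # modifiers such as exp= are still honoured after 'all'
                findings.append(f"mechanism after 'all' is never evaluated: {term}")
            continue
        if name in LOOKUP_TERMS:
            lookups += 1
        has_redirect = has_redirect or name == "redirect"
        if name == "ptr":
            findings.append("ptr is discouraged by RFC 7208 (slow, unreliable)")
        if name == "all":
            seen_all = True
            if qualifier == "+":
                findings.append("+all authorises every host on the Internet")
            elif qualifier == "?":
                findings.append("?all is neutral: receivers cannot reject forgeries")
    if not seen_all and not has_redirect:
        findings.append("no 'all' term: unmatched senders get a neutral result")
    if lookups > 10:
        findings.append(f"{lookups} DNS-querying terms: over the limit of 10, permerror")
    return findings

# Constructed sample records: the weak setting beside the corrected one.
WEAK = ["v=spf1 ip4:192.0.2.0/24 include:_spf.example.net +all"]
FIXED = ["v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"]

if __name__ == "__main__":
    for label, records in (("weak", WEAK), ("fixed", FIXED)):
        print(label, lint_spf(records) or "no findings")
```

To check a live domain, pass in the strings returned by a TXT lookup for it; the linter itself makes no network requests.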