Cybersecurity and Privacy on Internet
Katherine Cancelado
About me:
Katherine Cancelado
Consultant
Cyber Risk Services
Deloitte Dublin
Tel: +353 1417 5723
Email: kcancelado@deloitte.ie
Katherine is a Computer Science and Information Security Professional. She has always
been interested in technology with a particular focus on cyber security over the last
decade. She has over 3 years professional experience in penetration testing and
vulnerability assessment. Additionally, Katherine has over 3 years experience as a
network analyst, threat content creator and very recent experience in incident response
for a multitude of global companies.
Katherine lectured “Cyber Security“ at Javeriana University Colombia and has participated
in numerous infrastructure and application penetration testing assignments, including:
• Several web and network penetration tests for global organisations and financial
services within South America, United Kingdom and Ireland
• Worked as perimeter threat content creator for an American company in Colombia and
United Kingdom
• Penetration test, vulnerability assessment, incident response and forensics in the
financial sector of a “Big 4” firm
• Networking and system administration for an American company in Colombia
Qualifications
• MSc. in Cyber Security from “Universidad de la Rioja” Madrid, Spain
• B.Eng. in Computer Science & Engineering from “Universidad Pontificia Bolivariana” Santander, Colombia
• System Security Certified Practitioner - (ISC)²
• Certified Digital Forensics Analyst – REDLIF
Main industries
• Bank, Financial and Insurance Companies
• IT and Telecommunication
• Education
Agenda
• Women at work
• Risks on Internet
• Privacy, Cybersecurity and Data Privacy
• What can you do?
• Questions
• References
Women at Work
According to the United States Bureau of Labor Statistics, 46.8% of professional positions are held by women [1].
The table [2] below shows the percentage of women employed in each professional sector.
Cyberjutsu [3], a non-profit passionate about helping and empowering women to succeed in the cybersecurity field, also offers an interesting statistic: only 11% of the information security workforce are women.
The problem is not just that women’s representation in computer science related subjects is low. It is that, sometimes, the lack of computer and information security awareness leaves women vulnerable to cyber attack.
Therefore, driving the voice around cybersecurity and privacy has never been more important for ourselves and our female peers.
In the end, no matter what our role is, the data we look after or manage is what makes us an ideal target.
Women and Internet
Professional Occupation                           Women
Medical and health services                       73.7%
Human resources                                   73.3%
Social and community service                      67.4%
Education                                         65.7%
Public relations and fundraising                  59.2%
Advertising and promotions                        53.6%
Lodging                                           53.5%
Property, real estate, and community association  50.9%
Financial                                         49.6%
Administrative services                           47.7%
Food services                                     47.1%
Purchasing                                        44.8%
Marketing and sales                               43.2%
General and operations                            27.6%
Computer and information systems                  27.2%
Cybersecurity                                     11%
[1] https://www.bls.gov/cps/cpsaat11.htm
[2] https://www.bls.gov/opub/ted/2016/39-percent-of-managers-in-2015-were-women.htm
[3] http://womenscyberjutsu.org/
Information we manage
The information we hold
Personally Identifiable Information
PII is any information that can be used to identify a person; for example, your name, address, date of birth, national insurance number, and so on.
Protected Health Information
PHI is defined by the Health Insurance Portability and Accountability Act (HIPAA) and comprises any data that can be used to associate a person's identity with their health care.
Financial Information
Banking/transaction history, credit rating
Sensitive information
National Insurance Number/PPSN, driving license, financial accounts, medical information, electoral record
Information is money!!!!
According to Breach Level Index [4], data records have been found to be lost or stolen at the following frequencies:
• Every day: 4,504,712
• Every hour: 187,696
• Every minute: 3,218
• Every second: 52
Even worse… Only 4% of these breaches were ‘secure breaches’ (encryption was used and the stolen data was rendered useless).
[Chart: Data Records Stolen or Lost by Industry. Categories: Technology, Other, Retail, Government, Financial, Healthcare, Education. Values: 35.19%, 15.46%, 11.82%, 11.46%, 4.40%, 3.48%, 1.12%.]
[4] Data Breach level Index http://breachlevelindex.com/
Risks on Internet
Risk: The likelihood of “something bad” happening and causing financial and/or reputational damage.
Social Engineering
• Identity theft
• Phishing
• Fraud
Trojan websites
• Websites that appear to be something they are not. Phishing websites
• Obfuscation, masking, iframes, clickjacking, injections
Malicious Software
• Viruses
• Spyware
• Adware
File sharing and privacy
• Information overshared
• Peer to Peer (P2P)
• Torrents
Cyber Security and Privacy
What is Privacy?
[5] Privacy International – What is Privacy? https://www.privacyinternational.org/node/568
Cybersecurity and Data Privacy
Cybersecurity is the combination of good practices, tools, concepts and measures taken to protect a system, platform or person.
“Privacy is a fundamental right, essential to autonomy and the protection of human dignity, serving as the foundation upon which many other human rights are built.” [5]
Cybersecurity and data privacy are not the same, but should always be together.
What Can You Do?
Personal information is like money. Value it. Protect it.
• Common sense
• Share with care
• Anonymise your Internet use
• Check Secure Browsing
• Classify your data
• Examine privacy policies
• Uninstall unnecessary software
• Use encryption
Not everything is visible! Remember that the Internet is an extension of our “real” life.
What Can You Do At Home?
• Share with care: Do not reveal personal information unnecessarily. Terms & Conditions may not apply to you. ;-)
• Classify your data: All data is not equal. Treat different life streams separately; home/work, spouse/children, private/public.
• Anonymise your Internet use: Stop sharing your location and using add-ons. Connect anonymously.
• Uninstall unnecessary software: Bloatware/pre-installed or add-on software (e.g. toolbars) usually contains unwanted processes and should be removed.
• Secure Browsing: Regularly clear your browser history and cache, check for secure connections (HTTPS).
• Common sense: Always be aware of your actions, a single click or tap can have serious consequences.
What Can You Do At work?
• Do not take work home: Physical and digital work assets are a target outside your place of work.
• Remove unused software, services: Limit use of software and services to essentials.
• End-to-End encryption: Ensure all start and endpoints of electronic communications are encrypted to mitigate man-in-the-middle attacks.
• Document / Record Everything: Ensure there’s a paper trail in case something goes wrong.
• Data retention: Comply with the law but ensure useless data is destroyed. Think GDPR.
• Security Awareness: Give the appropriate cybersecurity training to your employees, ask about your data management expectations.
Questions?
“The art and science of asking questions is the source of
knowledge” - Thomas Berger
References:
[1] https://www.bls.gov/cps/cpsaat11.htm
[2] https://www.bls.gov/opub/ted/2016/39-percent-of-managers-in-2015-were-women.htm
[3] http://womenscyberjutsu.org/
[4] Data Breach level Index http://breachlevelindex.com/
[5] Privacy International – What is Privacy? https://www.privacyinternational.org/node/568
