
A NonProfit Technologist's Guide to CyberSecurity and Data Protection

From NetSquared Houston, June 10, 2014.

By: Gerry McGreevy
Senior Systems Analyst, MD Anderson Cancer Center

http://www.meetup.com/Net2Houston/events/178372942/

Gerry McGreevy, long time Netsquared member, Senior Database Administrator with 15 years experience in IT, and newly re-tooled career as IT Security Consultant, will be our June speaker.



The theme for the evening's presentation will be: Know Your Data, and be Aware of Evolving Threats.

Gerry's going to talk about CyberSecurity including an overview of the current landscape on how you can protect your organization's and your personal data, whether it be at home, in your pocket, in the cloud, or you are roaming in the wild. Specific tips and pointers to resources will be included!

Published in: Technology, Business

  1. A NonProfit Technologist's Guide to CyberSecurity and Data Protection
     NetSquared Houston, 6/10/2014
     Gerry McGreevy, CISSP, MBA, OCP
     Senior Systems Analyst, MD Anderson Cancer Center (gmcgreevy@mdanderson.org)
     Beiser IT Services (gerry.mcgreevy@beiser.us)
     Committee on National Security Systems (CNSS)
  2. State of Data Security Today
     National Security - Major Cyber Wars
     •  China
     •  Eastern Bloc
     •  Iran
     •  N. Korea, South and SE Asia
     •  Mid-East
     •  Drug Cartels & Organized Crime (foreign / domestic)
     Threats to Infrastructure
     •  Electric & water utilities
     •  Transportation (air system, rail, traffic signals)
     •  Communication (internet, phones, satellites)
     •  Others (prisons, hospitals)
     •  Internet of Everything
  3. The Value of Your Data
     Threats to Commerce
     •  Intellectual Property, Trade secrets
     •  Contracts, Order systems
     •  Proprietary data and processes, General operations
     •  Data Breaches and Leakage = Heavy Fines + Restitution + Breach of Trust
     Threats to Personal Digital Life
     •  Identity Fraud
     •  Credit Hacking
     •  Tax Refunds
     •  Medical Data Leakage
     •  Embarrassing Disclosures
     •  Litigation / Spousal surveillance
  4. Source: Mandiant
     Source: PWC
  5. Source: Mandiant
  6. Privacy Violations vs Fraudulent Access
     What You Give Away
     Why does a screen lock app need to know? >>
     What They Steal
  7. Concepts in Data Protection
     What you are protecting . . .
     •  Confidentiality
     •  Integrity
     •  Availability
     Types of Data
     •  Customer records
     •  Financial Records
     •  Compliance Records
     •  Personal Identity Information (employee records, Credit Card)
     •  Trade Secrets
     •  Operational Records
  8. Best Practices for Small Businesses (and Non-Profits)
     Suggestions from National Institute of Standards and Technology
     Best Practices for Small Businesses - NIST 7621
     http://csrc.nist.gov/publications/nistir/ir7621/nistir-7621.pdf
     Suggestions from Greater Houston Partnership
     Greater Houston Partnership – CyberThreat Self Assessment Tool
     http://www.houston.org/cybersecurity/pdf/Cyber-Security-Book.pdf
  9. Suggestions from NIST
     “Must Do’s”
     •  Protect against viruses, spyware, and other malicious code
     •  Control access to computer and network (internal and external firewalls)
     •  Use individual username / passwords across your network (Strong password policies, or 2 Factor Authentication = Better!)
     •  Limit access to important data
     •  Use segmented networks
     •  Patch operating systems and applications (Secunia PSI http://secunia.com)
     •  Make Regular Backups – Fully Test a Restore
     •  Train employees in basic security principles
  10. Suggestions from NIST
     “Highly Recommended”
     •  Train to be Alert for spear-phishing attacks, links in emails, IM, pop-ups, social engineering, web surfing, downloading.
     •  Cautions Against Online Business or Banking
        Not from mobile or strange networks, only from secure computer
        Use VPN, Remote Desktop, or encrypted VNC, GoToMyPC, etc.
     •  Properly Dispose of Old Computers and Media
     •  How to get help with information security when you need it
     •  Recommended Personnel Practices in Hiring Employees
  11. Additional Suggestions
     Greater Houston Partnership
     •  Lockdown Desktops
     •  Disallow software installations, usb, other devices
     •  Whitelist apps that are okay – install from common download area
     •  Lockdown Wifi and Mobile (by mac address and WPA2 password)
     •  Monitor Web Usage and Report
     •  Learn how to Encrypt Data (MS Doc locks, TrueCrypt, BitLocker)
     •  Avoid Using Cloud (Especially for Sensitive Info!)
     •  Classify Data & Separate Based on Content & Classification
     •  Formalized Security Policies
     •  Conduct Assessments
     •  Data Recovery Exercises
  12. Segment Your Network
     Not-so Sensitive Data
     Sensitive Data
     Requires you to know and classify your data.   < Critical Exercise !
  13. Top 20 Security Controls
     Advanced / Enterprise
     Critical Security Controls - Version 5
     •  1: Inventory of Authorized and Unauthorized Devices
     •  2: Inventory of Authorized and Unauthorized Software
     •  3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
     •  4: Continuous Vulnerability Assessment and Remediation
     •  5: Malware Defenses
     •  6: Application Software Security
     •  7: Wireless Access Control
     •  8: Data Recovery Capability
     •  9: Security Skills Assessment and Appropriate Training to Fill Gaps
     •  10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
     •  11: Limitation and Control of Network Ports, Protocols, and Services
     •  12: Controlled Use of Administrative Privileges
     •  13: Boundary Defense
     •  14: Maintenance, Monitoring, and Analysis of Audit Logs
     •  15: Controlled Access Based on the Need to Know
     •  16: Account Monitoring and Control
     •  17: Data Protection
     •  18: Incident Response and Management
     •  19: Secure Network Engineering
     •  20: Penetration Tests and Red Team Exercises
     This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
     http://www.sans.org/critical-security-controls/
  14. Encryption: Protecting Microsoft Docs
     File > Info > Restrict Permission by People (need Windows ID)
     Microsoft Office 360: Good for sharing, not good for sensitive data.
     Use Winzip to send the doc in an encrypted AES 256 wrapper.
     GNU Privacy Guard  https://www.gnupg.org/
  15. Current Threat Trends
     •  Heartbleed
     •  Ransomware
     •  Spear-phishing
     •  Other trends
  16. Email Security Attachments
     MS Office Docs: Turn off macros (or at least prompt)
     Google Docs Preview (big difference in security between previewing Gmail vs Outlook)
  17. Email Security Attachments
     Watch for weird-long names:  coolvideo.mp4                                        .exe
     Open in Sandbox Environment (Virtual Machine)
     Understand Digital Signatures
  18. Social Engineering
  19. Hacking - Things You Think May be Secure but Aren't
     •  Adobe
     •  Java
     •  Firefox
     •  Google
     •  Microsoft
     •  Apple
  20. Hacking - Things You Think May be Secure but Aren't
     ssl implementations
     Don’t download directly to Dropbox (it tells them what account, and you have to login, giving your password)
     Download to local, then save to Dropbox.
     Recommend NOT sharing passwords from one site to another, i.e. don’t use Facebook / Google id to log into some site
  21. Careful What You Download
     Which of these search results are safe?
  22. Password Cracking
     Strong Passwords
     –  8 – 15 Characters (old advice), non-dictionary words
     –  Stop using 5 for S, 1 for I, 0 for O (doesn’t really help anymore)
     –  Be aware of common password patterns (Paper on PIN numbers: http://www.datagenetics.com/blog/september32012/ )
     –  Problems w/ password managers LastPass, KeePass, others
     –  Use Phrases with spellings all messed up, i.e.: toseideotsdonno
     Don’t communicate passwords via email or SMS. Use a different “channel”.
     Better: protect yourself with Multi-Factor Authentication (i.e. Google Authenticator, can be used by some apps)
  23. Mobile Data
     Dropbox, Google Drive and Other Cloud Storage Issues
     •  Privacy, Data Ownership, Responsibility
     •  Only put docs out that no harm done if revealed
     •  Or, encrypt before writing to cloud (warning – consider where / by whom encryption is being done).
     Thumbdrives
     •  Very easy to hide a virus
     •  Use encrypted (or hidden) partition
     •  Tool: Truecrypt
  24. Mobile Data
     Mobile Devices
     •  If they are not “locked down”, consider open to internet.
     •  Allow non-rooted phones only
     •  Use a “guest” network to connect for any device not locked down.
     •  Most client apps (email, SMS, etc.) leave data on phone.
     •  Far from guaranteed you can erase all data on lost phone
  25. When You Are Out In the Wild
     Resist joining strange networks
     Protect Yourself by Doing Everything Important from Home (even when you’re not)
     Accessing Your Screen At Home While Away - Options:
     •  Remote Desktop - (Windows)
     •  GoToMyPC
     •  VNC Personal, use 128 bit encryption (256 = strong)  http://www.realvnc.com/
     •  OpenVPN
  26. Protecting Your Home Computer
     Need to have multiple copies (and safe places) for each backup: Onsite and Remote
     Where and how you encrypt matters a lot to both security and costs
     Easy: Copy files to USB External Hard Drive > Remove Drive, give it to friend. Cost $70 - $150.
     Orig. Data  >  Backup / zip to compress (2nd Local Drive; Encrypt before write to disk)  >  Upload to Cloud
     My Docs  >  copy/zip to E:Backup  >  Upload to Amazon. Cost to setup $0. Cost to restore $40 - $100.
     Must Fully Test Restore. A restore method that is not tested makes it a crap shoot, odds against you.
  27. Protecting Your Home Computer
     Myth: Macs are not subject to viruses
     Windows vs. Mac
     http://www.cvedetails.com/top-50-vendors.php
  28. http://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-156/cvssscoremin-2/cvssscoremax-2.99/Apple-Mac-Os-X.html
  29. Protecting Your Home Computer
     Keep it Patched!
     Not just your o/s but your applications as well
     http://secunia.com/vulnerability_scanning/personal/
  30. Protecting Your Home Computer
     Lock DNS (if possible)
     Know (and periodically check) where your DNS is pointed to.
     Logfiles: know where they are, become familiar with what they do (may be overwhelming)
     File Shredding: Learn to digitally “shred” sensitive files ( http://www.fileshredder.org/ )
  31. Protecting Your Home Computer
     Password Repositories - Not Really Safe
     Simple Solution:
     Encrypt spreadsheet (winzip, truecrypt)
     White out the passwords, so you can just copy / paste
  32. Using Encryption
     Protect person-person communications
     •  Digital Signatures – Brings confidence sender is as claimed
     •  Message Authentication - Not changed in transit
     •  Privacy - Secure message in transit
     •  Disc encryption – Important on mobile devices
     •  Personal Identity in public space – Digital ID’s
     Common Freeware: TrueCrypt, Windows Bitlocker, Gnu Privacy Guard, Winzip (pay)
  33. Things You Don't See Have Holes
     •  Printers
     •  Smart TVs and other appliances (“Samsung All Share”)
     •  Video Game Consoles
     •  “Internet of Everything”
     Solution: Segmented Network / subnet / DMZ
     Put your most secure data behind an internal firewall
  34. Learn How to Create a Segmented Home Network
  35. Safe Browsing Choices
     Use Private Browsing (all browsers have this option)
     Limits amount of info stored in browser.
     Use Virtual Machines for browsing the internet (need to isolate the VM from any network)
     TOR (The Onion Router)
     Not really anonymous, but very hard to trace
  36. Locating Sensitive Data
     Identity Finder - Find Personal Identity Information (PII) on your computer
  37. Antivirus
     Good products:
     •  Comodo (paid)
     •  MalwareBytes (free)
     •  Combofix rootkit fixer (free)
     Recommend avoiding Kaspersky
  38. Keeping Your Ear To The Ground
     Resources for Further Information
     •  Greater Houston Partnership – CyberThreat Self Assessment Tool
        http://www.houston.org/cybersecurity/pdf/Cyber-Security-Book.pdf
     •  Best Practices for Small Businesses - NIST 7621
        http://csrc.nist.gov/publications/nistir/ir7621/nistir-7621.pdf
     •  Know the Risks Before You Head to the Cloud: A Primer on Cloud Computing Legal Risks and Issues for Nonprofits
        http://www.jdsupra.com/post/documentViewer.aspx?fid=05a42be3-161f-4909-af04-50aa14b6689e
     •  Cybersecurity: The Corporate Counsel’s Agenda
        http://www.hoganlovells.com/custom/eDocs/Cybersecurity%20Advisory_Pearson_11152012.pdf
     •  Online Social Networks, CyberRisk and Your Nonprofit: What You Need to Know
        http://www.nonprofitrisk.org/library/newsletter/followme.shtml
  39. Keeping Your Ear To The Ground
     Resources for Further Information
     •  Executive Order Begins Process of Strengthening Nation's Cybersecurity and Critical Infrastructure
        http://www.pepperlaw.com/publications_update.aspx?ArticleKey=2562
     •  NIST Special Publication 500-292: Cloud Computing Reference Architecture.
     •  The Importance of Cybersecurity to the Legal Profession and Outsourcing as a Best Practice
        http://e-discoveryteam.com/2014/05/11/the-importance-of-cybersecurity-to-the-legal-profession-and-outsourcing-as-a-best-practice-part-one/
     •  Online Privacy for Nonprofits
        https://www.privacyrights.org/online-privacy-nonprofits
     •  NIST Proposes Privacy Control Roadmap for Organizations
        http://www.pepperlaw.com/publications_update.aspx?ArticleKey=2658
     •  Common Vulnerability Evaluation Database
        http://www.cvedetails.com
     •  Mandiant Reports
        https://www.mandiant.com/resources/mandiant-reports/
     Webcasts:
     •  Bitter C-Suite: Privacy, Security and Data Protection Issues Facing Corporations, Directors and Officers
        (http://www.pepperlaw.com/webinars_update.aspx?ArticleKey=2888)
     •  BYOD (Bring Your Own Device) *Liability and Data Breach Sold Separately
        (http://www.pepperlaw.com/webinars_update.aspx?ArticleKey=2773)
  40. Closing Thoughts
     Recognize Data Breaches cannot be 100% prevented. They will happen. You must prepare multiple defense strategies to remediate.
     Take a thorough inventory of your data, your devices, your systems, and who is “allowed”.
     Understand, and stay aware of a continuously evolving threat environment - Defending your data is an ongoing process.
  41. Questions
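
Slide 17 warns about attachment names such as coolvideo.mp4 followed by a long run of spaces and then .exe. The check below is an added example, not part of the original deck; it also flags the same trick without padding (invoice.pdf.exe), which goes beyond the slide. The extension lists, the length threshold and the function names are assumptions chosen for illustration.

```python
"""Added example: flag attachment names that hide an executable extension."""
import re

# Assumptions (not from the slides): these extension lists and the length
# threshold are illustrative starting points; tune them for your environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "msi", "vbs", "js", "jar"}
DECOY_EXTS = {"mp4", "avi", "mp3", "jpg", "png", "pdf", "doc", "docx", "xls", "xlsx", "txt"}
MAX_NAME_LEN = 80                    # hypothetical cut-off for a "weird-long" name
PADDING_RUN = re.compile(r"\s{3,}")  # three or more consecutive whitespace characters


def check_attachment_name(name):
    """Return the reasons a file name looks deceptive (empty list = no finding)."""
    reasons = []
    parts = name.strip().split(".")
    # The operating system acts on the LAST extension, whatever comes before it.
    final_ext = parts[-1].strip().lower() if len(parts) > 1 else ""
    if final_ext in EXECUTABLE_EXTS:
        reasons.append("executable-extension")
        # An earlier harmless-looking extension is there to fool the reader.
        if any(p.strip().lower() in DECOY_EXTS for p in parts[1:-1]):
            reasons.append("decoy-extension")
    if PADDING_RUN.search(name.strip()):
        reasons.append("padding-run")
    if len(name) > MAX_NAME_LEN:
        reasons.append("very-long-name")
    return reasons


def triage(names):
    """Map each flagged name (padding collapsed for display) to its reasons."""
    flagged = {}
    for name in names:
        reasons = check_attachment_name(name)
        if reasons:
            flagged[PADDING_RUN.sub(" [...] ", name.strip())] = reasons
    return flagged


# Constructed sample names; the first mirrors the slide's example.
SAMPLE_NAMES = [
    "coolvideo.mp4" + " " * 120 + ".exe",
    "coolvideo.mp4",
    "invoice.pdf.exe",
    "Board minutes June 2014.docx",
    "setup.exe",
]

if __name__ == "__main__":
    for shown, why in triage(SAMPLE_NAMES).items():
        print(f"{shown}: {', '.join(why)}")
```

A mail filter or helpdesk script can run names through `check_attachment_name` before a user opens anything; a finding is a reason to open the file only in the sandbox the slide recommends.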
