A Cybersecurity Planning Guide
for CFOs
Scams & Fraud, Developing a Plan, Tips, and Resources
Presented by André Nel, CPA
WHY IS DATA SECURITY CRITICAL?
Theft of digital information has become the most commonly reported
fraud, surpassing physical theft.
Customer and client information, payment information, personal files, bank
account details - all of this information is often impossible to replace if lost,
and dangerous in the hands of criminals.
Data lost due to disasters, such as a flood or fire, is devastating, but losing
it to hackers or a malware infection can have far greater consequences.
How you handle and protect your data is central to the security of your
business and the privacy expectations of customers, employees and
partners.
Things have changed!
AGENDA FOR TODAY
1. Scams and Fraud
2. Data Security – Developing an Action Plan
3. Cybersecurity Tips
4. Resources
SCAMS AND FRAUD
New ways are developed by cyber criminals every day to victimize
your businesses, scam your customers, hurt your reputation and hold
you at ransom. The 2017 Verizon Data Breach Investigations Report
(DBIR) included the following summaries:
SCAMS AND FRAUD (CONTINUED)
If you haven’t suffered a data breach you’ve either been incredibly
well prepared, or very, very lucky. Are you incredibly well prepared?
WHAT ARE SOME OF THE MAIN CYBER
SCAMS TODAY?
Knowing which incident patterns affect your industry more often than
others provides a building block for allocating cybersecurity resources.
These nine incident patterns have been identified in the DBIR:
1. Insider and privilege misuse – trusted actors leveraging logical and/or
physical access in an inappropriate or malicious manner.
2. Cyber-espionage – targeted attacks from external actors hunting for
sensitive internal data and trade secrets.
3. Web application attacks – web-application-related stolen credentials or
vulnerability exploits.
4. Crimeware – malware incidents, typically opportunistic and financially
motivated in nature (e.g., banking Trojans, ransomware).
WHAT ARE SOME OF THE MAIN CYBER
SCAMS TODAY? (CONTINUED)
5. Point-of-sale (POS) intrusions – attacks on POS environments leading
to payment card data disclosure.
6. Denial of service (DoS) attacks – non-breach related attacks affecting
business operations.
7. Payment card skimmers – physical tampering of ATMs and fuel-pump
terminals.
8. Physical theft and loss – physical loss or theft of data or IT-related
assets.
9. Miscellaneous errors – an error directly causing data loss.
QUESTIONS AND COMMENTS
Any questions or experiences to share with the group before we move on
to the next item on the agenda?
AGENDA FOR TODAY
1. Scams and fraud
2. Data security – Developing an Action plan
3. Cybersecurity Tips
4. Resources
CYBER SECURITY ACTION PLAN
The six steps in developing your cybersecurity action plan:
1. Conduct an inventory of all data you have.
2. Once you've identified your data, keep a record of its location
and move it to more appropriate locations as needed.
3. Develop a privacy policy.
4. Protect data collected on the Internet.
5. Create layers of security.
6. Plan for data loss or theft.
STEP 1 – CONDUCT AN INVENTORY OF
ALL DATA
1. What kind of data do you have in your business?
• Customer data
• Employee information
• Proprietary and sensitive business information
2. How is that data handled and protected?
• Where is this data stored?
• What happens when the data is used or moved to a
different location?
3. Who has access to that data?
• Who has rights to access that data?
• How will the access privileges be managed?
STEP 2 – KEEP A RECORD OF WHERE DATA
IS LOCATED
Record the location of data. Keep in mind that the same data could
be located in more than one location.
1. Location could include:
• Local or desktop computer
• Central file server
• Cloud
• Mobile devices such as USB memory sticks
• Smartphones
2. Consider moving it to a more appropriate location.
STEP 3 – DEVELOP A PRIVACY POLICY
Your privacy policy is a pledge to your customers that you will use
and protect their information in ways that they expect and that
adhere to your legal obligations.
1. Create your privacy policy with care.
2. Growing number of regulations protecting customer and
employee privacy.
• There are costly penalties if you do not comply
• You will be held accountable for what you claim and offer in
your policy
3. Share your policy, rules and expectations with all employees.
• There is a growing trend to post privacy policies on
company websites
4. Policy should address the following types of data:
• Personally Identifiable Information
• Personal Health Information
• Customer Information
STEP 4 – PROTECT DATA COLLECTED ON
THE INTERNET
Your website can be a great place to collect information, but that
comes with a responsibility to protect that data.
1. Data collected can include:
• Transactions and payment information
• Newsletter sign-ups
• Online inquiries
• Customer requests or orders
2. Data collected from your website can be stored in different
places.
• When you host your own website, it may be stored on your
own servers
• When hosted by a third party, be sure that party protects
that data fully
3. That protection includes protection from:
• Hackers and outsiders
• Employees of the hosting company
STEP 5 – CREATE LAYERS OF SECURITY
The idea of layering security is simple: You cannot and should not
rely on just one security mechanism – such as a password – to
protect something sensitive. If that security mechanism fails, you have
nothing left to protect you.
1. Classify your data:
• HIGHLY CONFIDENTIAL
• SENSITIVE
• INTERNAL USE ONLY
2. Control access to your data.
3. Secure your data:
• Passwords – Random, complex and long
• Encryption
4. Back up your data.
• Put a policy in place that specifies what data is backed up,
how often, who is responsible, how and where backups are
stored and who has access.
• Physical media used to store data is vulnerable, so make
sure it is encrypted.
STEP 6 – PLAN FOR DATA RECOVERY AFTER
A LOSS OR THEFT
Plan for the unexpected, including the loss or theft of data.
1. Be prepared for a rapid and coordinated response to any loss or
theft of data.
2. Employees and contractors should understand that they should
report any loss or theft to the appropriate company official.
3. Test your data recovery from backup systems on a regular basis.
CYBER SECURITY ACTION PLAN
Let’s recap the six steps in developing your cybersecurity action
plan:
1. Conduct an inventory of all data you have.
2. Once you've identified your data, keep a record of its location
and move it to more appropriate locations as needed.
3. Develop a privacy policy.
4. Protect data collected on the Internet.
5. Create layers of security.
6. Plan for data loss or theft.
QUESTIONS AND COMMENTS
Any questions or experiences to share with the group before we move on
to the next item on the agenda?
AGENDA FOR TODAY
1. Scams and fraud
2. Data security – Developing an Action plan
3. Cybersecurity Tips
4. Resources
CYBERSECURITY TIPS
1. Don’t ever say “It won’t happen to me.”
2. Train employees in security principles.
Establish basic security practices and policies for employees,
such as requiring strong passwords, and establish appropriate
Internet use guidelines that detail penalties for violating
company cybersecurity policies. Establish rules of behavior
describing how to handle and protect customer information and
other vital data.
3. Always be careful when clicking on attachments or links
in email.
If it’s unexpected or suspicious for any reason, don’t click on it.
Double check the URL of the website the link takes you to; bad
actors will often take advantage of spelling mistakes to direct
you to a harmful domain.
CYBERSECURITY TIPS (CONTINUED)
4. Watch what you’re sharing on social networks.
Criminals can befriend you and easily gain access to a shocking
amount of information—where you go to school, where you
work, when you’re on vacation—that could help them gain
access to more valuable data.
5. Offline, be wary of social engineering, where someone
attempts to gain information from you through
manipulation.
If someone calls or emails you asking for sensitive information,
it’s okay to say no. You can always call the company directly to
verify credentials before giving out any information.
CYBERSECURITY TIPS (CONTINUED)
6. Protect information, computers, and networks
from cyber attacks.
Keep clean machines: having the latest security software, web
browser, and operating system are the best defenses against
viruses, malware, and other online threats. Set antivirus software
to run a scan after each update. Install other key software
updates as soon as they are available.
7. Provide firewall security for your Internet connection.
A firewall is a set of related programs that prevent outsiders
from accessing data on a private network. Make sure the
operating system’s firewall is enabled or install free firewall
software available online. If employees work from home, ensure
that their home systems are protected by a firewall.
CYBERSECURITY TIPS (CONTINUED)
8. Create a mobile device action plan.
Mobile devices can create significant security
and management challenges, especially if they hold confidential
information or can access the corporate network. Require users
to password protect their devices, encrypt their data, and install
security apps to prevent criminals from stealing information
while the phone is on public networks. Be sure to set reporting
procedures for lost or stolen equipment.
9. Make backup copies of important business data and
information.
Regularly back up the data on all computers. Critical data
includes word processing documents, electronic spreadsheets,
databases, financial files, human resources files, and accounts
receivable/payable files. Back up data automatically if possible, or
at least weekly, and store the copies either offsite or in the
cloud.
CYBERSECURITY TIPS (CONTINUED)
10. Control physical access to your computers and
create user accounts for each employee.
Prevent access or use of business computers by unauthorized
individuals. Laptops can be particularly easy targets for theft or
can be lost, so lock them up when unattended. Make sure a
separate user account is created for each employee and require
strong passwords. Administrative privileges should only be given
to trusted IT staff and key personnel.
11. Secure your Wi-Fi networks.
If you have a Wi-Fi network for your workplace, make sure it is
secure, encrypted, and hidden. To hide your Wi-Fi network, set
up your wireless access point or router so it does not broadcast
the network name, known as the Service Set Identifier (SSID).
Password protect access to the router.
CYBERSECURITY TIPS (CONTINUED)
12. Employ best practices on payment cards.
Work with banks or processors to ensure the most trusted and
validated tools and anti-fraud services are being used. You may
also have additional security obligations pursuant to agreements
with your bank or processor. Isolate payment systems from
other, less secure programs and don’t use the same computer to
process payments and surf the Internet.
13. Limit employee access to data and information, and
limit authority to install software.
Do not provide any one employee with access to all data
systems. Employees should only be given access to the specific
data systems that they need for their jobs, and should not be
able to install any software without permission.
CYBERSECURITY TIPS (CONTINUED)
14. Passwords and authentication.
Require employees to use unique passwords and change
passwords every three months. Consider implementing
multifactor authentication that requires additional information
beyond a password to gain entry. Check with your vendors that
handle sensitive data, especially financial institutions, to see if
they offer multifactor authentication for your account.
15. Be sure to monitor your accounts for any suspicious
activity.
If you see something unfamiliar, it could be a sign that you’ve
been compromised.
CYBERSECURITY TIPS (CONTINUED)
16. Identify a senior-level employee or qualified third
party to lead your firm’s cybersecurity program.
17. Examine your insurance policies to ensure adequate
cyber coverage levels.
HOW CAN GPP HELP YOU?
Don’t feel as though you need to come up with cyber strategies on
your own. We are experienced in providing comments on
control-related matters to management. In addition, as a member of the
BDO Alliance USA, we have access to resources that can help your
organization as you navigate the cybersecurity risk and compliance
landscape, including:
• Guidance on conducting a cyber risk assessment
• How to take inventory of your sensitive information
• Develop and implement an incident response plan
RESOURCES, REFERENCES AND CREDITS
1. Federal Communications Commission (FCC)
i. https://www.fcc.gov/cyberplanner
ii. https://apps.fcc.gov/edocs_public/attachmatch/DOC-343096A1.pdf
iii. https://apps.fcc.gov/edocs_public/attachmatch/DOC-306595A1.pdf
2. 2017 Verizon Data Breach Investigations Report (DBIR)
http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/
QUESTIONS AND COMMENTS?
André Nel
(214)-635-2607
anel@gppcpa.com
Build Homes, Not Your Tax Bills: How the new tax law impacts home builders
 
The IRS Passport Revocation For Unpaid Taxes: A Primer
The IRS Passport Revocation For Unpaid Taxes: A PrimerThe IRS Passport Revocation For Unpaid Taxes: A Primer
The IRS Passport Revocation For Unpaid Taxes: A Primer
 
The Impact of the Tax Cuts & Jobs Act on High Tax Bracket Individuals - Show ...
The Impact of the Tax Cuts & Jobs Act on High Tax Bracket Individuals - Show ...The Impact of the Tax Cuts & Jobs Act on High Tax Bracket Individuals - Show ...
The Impact of the Tax Cuts & Jobs Act on High Tax Bracket Individuals - Show ...
 
Tax Reform Update for Businesses and Individuals
Tax Reform Update for Businesses and IndividualsTax Reform Update for Businesses and Individuals
Tax Reform Update for Businesses and Individuals
 
The New Tax Law: Here's What You Should Know
The New Tax Law: Here's What You Should KnowThe New Tax Law: Here's What You Should Know
The New Tax Law: Here's What You Should Know
 
International Tax Reform - Tax Cuts and Jobs Act of 2017
International Tax Reform - Tax Cuts and Jobs Act of 2017International Tax Reform - Tax Cuts and Jobs Act of 2017
International Tax Reform - Tax Cuts and Jobs Act of 2017
 
Financial Strategies for 2018 for Foreign Investors
Financial Strategies for 2018 for Foreign InvestorsFinancial Strategies for 2018 for Foreign Investors
Financial Strategies for 2018 for Foreign Investors
 
Alternatives to IRS Enforced Collections - Installment Agreements and Account...
Alternatives to IRS Enforced Collections - Installment Agreements and Account...Alternatives to IRS Enforced Collections - Installment Agreements and Account...
Alternatives to IRS Enforced Collections - Installment Agreements and Account...
 
What Every Business Owner Needs to Know About Selling a Business
What Every Business Owner Needs to Know About Selling a BusinessWhat Every Business Owner Needs to Know About Selling a Business
What Every Business Owner Needs to Know About Selling a Business
 
Occupational Fraud and Electronic Evidence Investigations
Occupational Fraud and Electronic Evidence InvestigationsOccupational Fraud and Electronic Evidence Investigations
Occupational Fraud and Electronic Evidence Investigations
 
Subchapter S Corporations & Estates Trusts as Shareholders
Subchapter S Corporations & Estates Trusts as Shareholders Subchapter S Corporations & Estates Trusts as Shareholders
Subchapter S Corporations & Estates Trusts as Shareholders
 
Occupational Fraud - What Dentists Need to Know
Occupational Fraud - What Dentists Need to KnowOccupational Fraud - What Dentists Need to Know
Occupational Fraud - What Dentists Need to Know
 
Are your medical office practices putting you at risk for a lawsuit?
Are your medical office practices putting you at risk for a lawsuit?Are your medical office practices putting you at risk for a lawsuit?
Are your medical office practices putting you at risk for a lawsuit?
 
Reporting Requirements for US Citizens with Foreign Assets
Reporting Requirements for US Citizens with Foreign AssetsReporting Requirements for US Citizens with Foreign Assets
Reporting Requirements for US Citizens with Foreign Assets
 
Us tax presentation
Us tax presentationUs tax presentation
Us tax presentation
 
Divorce & Estates: Tax and Other Financial Considerations
Divorce & Estates: Tax and Other Financial ConsiderationsDivorce & Estates: Tax and Other Financial Considerations
Divorce & Estates: Tax and Other Financial Considerations
 

Recently uploaded

The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
Adam Smith
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
uae taxgpt
 
Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111
zoyaansari11365
 
CADAVER AS OUR FIRST TEACHER anatomt in your.pptx
CADAVER AS OUR FIRST TEACHER anatomt in your.pptxCADAVER AS OUR FIRST TEACHER anatomt in your.pptx
CADAVER AS OUR FIRST TEACHER anatomt in your.pptx
fakeloginn69
 
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
dylandmeas
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
creerey
 
Brand Analysis for an artist named Struan
Brand Analysis for an artist named StruanBrand Analysis for an artist named Struan
Brand Analysis for an artist named Struan
sarahvanessa51503
 
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-indiafalcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
Falcon Invoice Discounting
 
3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx
tanyjahb
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Navpack & Print
 
Sustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & EconomySustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & Economy
Operational Excellence Consulting
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
agatadrynko
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
marketing317746
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
Nicola Wreford-Howard
 
Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...
dylandmeas
 
anas about venice for grade 6f about venice
anas about venice for grade 6f about veniceanas about venice for grade 6f about venice
anas about venice for grade 6f about venice
anasabutalha2013
 
April 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products NewsletterApril 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products Newsletter
NathanBaughman3
 
Memorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.pptMemorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.ppt
seri bangash
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
Ben Wann
 
The-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic managementThe-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic management
Bojamma2
 

Recently uploaded (20)

The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
 
Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111
 
CADAVER AS OUR FIRST TEACHER anatomt in your.pptx
CADAVER AS OUR FIRST TEACHER anatomt in your.pptxCADAVER AS OUR FIRST TEACHER anatomt in your.pptx
CADAVER AS OUR FIRST TEACHER anatomt in your.pptx
 
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
 
Brand Analysis for an artist named Struan
Brand Analysis for an artist named StruanBrand Analysis for an artist named Struan
Brand Analysis for an artist named Struan
 
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-indiafalcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
 
3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
 
Sustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & EconomySustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & Economy
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
 
Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...
 
anas about venice for grade 6f about venice
anas about venice for grade 6f about veniceanas about venice for grade 6f about venice
anas about venice for grade 6f about venice
 
April 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products NewsletterApril 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products Newsletter
 
Memorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.pptMemorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.ppt
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
 
The-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic managementThe-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic management
 

A Cybersecurity Planning Guide for CFOs

  • 1. A Cybersecurity Planning Guide for CFOs Scams & Fraud, Developing a Plan, Tips, and Resources Presented by André Nel, CPA 1
  • 2. WHY IS DATA SECURITY CRITICAL? Theft of digital information has become the most commonly reported fraud, surpassing physical theft. Customer and client information, payment information, personal files, bank account details - all of this information is often impossible to replace if lost, and dangerous in the hands of criminals. Data lost due to disasters, such as a flood or fire, is devastating, but losing it to hackers or a malware infection can have far greater consequences. How you handle and protect your data is central to the security of your business and the privacy expectations of customers, employees and partners. Things have changed! Page 2
  • 3. AGENDA FOR TODAY 1. Scams and Fraud 2. Data Security – Developing an Action Plan 3. Cybersecurity Tips 4. Resources Page 3
  • 4. SCAMS AND FRAUD New ways are developed by cyber criminals every day to victimize your businesses, scam your customers, hurt your reputation and hold you at ransom. The 2017 Verizon Data Breach Investigations Report (DBIR) included the following summaries: Page 4
  • 5. SCAMS AND FRAUD (CONTINUED) If you haven’t suffered a data breach you’ve either been incredibly well prepared, or very, very lucky. Are you incredibly well prepared? Page 5
  • 6. WHAT ARE SOME OF THE MAIN CYBER SCAMS TODAY? Knowing which incident patterns affect your industry more often than others provides a building block for allocating cybersecurity resources. These nine incident patterns have been identified in the DBIR: 1. Insider and privilege misuse – trusted actors leveraging logical and/or physical access in an inappropriate or malicious manner. 2. Cyber-espionage – targeted attacks from external actors hunting for sensitive internal data and trade secrets. 3. Web application attacks – web-application-related stolen credentials or vulnerability exploits. 4. Crimeware – malware incidents, typically opportunistic and financially motivated in nature (e.g., banking Trojans, ransomware). Page 6
  • 7. WHAT ARE SOME OF THE MAIN CYBER SCAMS TODAY? (CONTINUED) 5. Point-of-sale (POS) intrusions – attacks on POS environments leading to payment card data disclosure. 6. Denial of service (DoS) attacks – non-breach related attacks affecting business operations. 7. Payment card skimmers – physical tampering of ATMs and fuel-pump terminals. 8. Physical theft and loss – physical loss or theft of data or IT-related assets. 9. Miscellaneous errors – an error directly causing data loss. Page 7
  • 8. QUESTIONS AND COMMENTS Any questions or experiences to share with the group before we move on to the next item on the agenda? Page 8
  • 9. AGENDA FOR TODAY 1. Scams and fraud 2. Data security – Developing an Action plan 3. Cybersecurity Tips 4. Resources Page 9
  • 10. CYBER SECURITY ACTION PLAN The six steps in developing your cybersecurity action plan: 1. Conduct an inventory of all data you have. 2. Once you've identified your data, keep a record of its location and move it to more appropriate locations as needed. 3. Develop a privacy policy. 4. Protect data collected on the Internet. 5. Create layers of security. 6. Plan for data loss or theft. Page 10
  • 11. STEP 1 – CONDUCT AN INVENTORY OF ALL DATA 1. What kind of data do you have in your business? • Customer data • Employee information • Proprietary and sensitive business information 2. How is that data handled and protected? • Where is this data stored? • What happens when the data is used or moved to a different location? 3. Who has access to that data? • Who has rights to access that data? • How will the access privileges be managed? Page 11
  • 12. STEP 2 - KEEP A RECORD OF WHERE DATA IS LOCATED Record the location of data. Keep in mind that the same data could be located in more than one location. 1. Location could include: • Local or desktop computer • Central file server • Cloud • Mobile devices such as USB memory stick • Smartphones 2. Consider moving it to a more appropriate location. Page 12
  • 13. STEP 3 – DEVELOP A PRIVACY POLICY Your privacy policy is a pledge to your customers that you will use and protect their information in ways that they expect and that adhere to your legal obligations. 1. Create your privacy policy with care. 2. Growing number of regulations protecting customer and employee privacy. • There are costly penalties if you do not comply • You will be held accountable for what you claim and offer in your policy 3. Share your policy, rules and expectations with all employees. • There is a growing trend to post privacy policies on company websites 4. Policy should address the following types of data: • Personally Identifiable information • Personal Health Information • Customer Information Page 13
  • 14. STEP 4 – PROTECT DATA COLLECTED ON THE INTERNET Your website can be a great place to collect information, but that comes with a responsibility to protect that data. 1. Data collected can include: • Transactions and payment information • Newsletter sign-ups • Online inquiries • Customer requests or orders 2. Data collected from your website can be stored in different places. • When you host your own website, it may be stored on your own servers • When hosted by a third party be sure that party protects that data fully 3. That protection includes protection from: • Hackers and outsiders • Employees of the hosting company Page 14
  • 15. STEP 5 – CREATE LAYERS OF SECURITY The idea of layering security is simple: You cannot and should not rely on just one security mechanism – such as a password – to protect something sensitive. If that security mechanism fails, you have nothing left to protect you. 1. Classify your data: • HIGHLY CONFIDENTIAL • SENSITIVE • INTERNAL USE ONLY 2. Control access to your data. 3. Secure your data: • Passwords – Random, complex and long • Encryption 4. Back up your data. • Put a policy in place that specifies what data is backed up, how often, who is responsible, how and where backups are stored and who has access. • Physical media used to store data is vulnerable, so make sure it is encrypted. Page 15
  • 16. STEP 6 – PLAN FOR DATA RECOVERY AFTER A LOSS OR THEFT Plan for the unexpected, including the loss or theft of data. 1. Be prepared for a rapid and coordinated response to any loss or theft of data. 2. Employees and contractors should understand that they should report any loss or theft to the appropriate company official. 3. Test your data recovery from backup systems on a regular basis. Page 16
  • 17. CYBER SECURITY ACTION PLAN Let’s recap the six steps in developing your cybersecurity action plan: 1. Conduct an inventory of all data you have. 2. Once you've identified your data, keep a record of its location and move it to more appropriate locations as needed. 3. Develop a privacy policy. 4. Protect data collected on the Internet. 5. Create layers of security. 6. Plan for data loss or theft. Page 17
  • 18. QUESTIONS AND COMMENTS Any questions or experiences to share with the group before we move on to the next item on the agenda? Page 18
  • 19. AGENDA FOR TODAY 1. Scams and fraud 2. Data security – Developing an Action plan 3. Cybersecurity Tips 4. Resources Page 19
  • 20. CYBERSECURITY TIPS 1. Don’t ever say “It won’t happen to me.” 2. Train employees in security principles. Establish basic security practices and policies for employees, such as requiring strong passwords, and establish appropriate Internet use guidelines that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information and other vital data. 3. Always be careful when clicking on attachments or links in email. If it’s unexpected or suspicious for any reason, don’t click on it. Double check the URL of the website the link takes you to; bad actors will often take advantage of spelling mistakes to direct you to a harmful domain. Page 20
  • 21. CYBERSECURITY TIPS (CONTINUED) 4. Watch what you’re sharing on social networks. Criminals can befriend you and easily gain access to a shocking amount of information—where you go to school, where you work, when you’re on vacation—that could help them gain access to more valuable data. 5. Offline, be wary of social engineering, where someone attempts to gain information from you through manipulation. If someone calls or emails you asking for sensitive information, it’s okay to say no. You can always call the company directly to verify credentials before giving out any information. Page 21
  • 22. CYBERSECURITY TIPS (CONTINUED) 6. Protect information, computers, and networks from cyber attacks. Keep clean machines: having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available. 7. Provide firewall security for your Internet connection. A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure the operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home systems are protected by a firewall. Page 22
  • 23. CYBERSECURITY TIPS (CONTINUED) 8. Create a mobile device action plan. Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment. 9. Make backup copies of important business data and information. Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies either offsite or in the cloud. Page 23
  • 24. CYBERSECURITY TIPS (CONTINUED) 10. Control physical access to your computers and create user accounts for each employee. Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel. 11. Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router. Page 24
  • 25. CYBERSECURITY TIPS (CONTINUED) 12. Employ best practices on payment cards. Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet. 13. Limit employee access to data and information, and limit authority to install software. Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission. Page 25
  • 26. CYBERSECURITY TIPS (CONTINUED) 14. Passwords and authentication. Require employees to use unique passwords and change passwords every three months. Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account. 15. Be sure to monitor your accounts for any suspicious activity. If you see something unfamiliar, it could be a sign that you’ve been compromised. Page 26
  • 27. CYBERSECURITY TIPS (CONTINUED) 16. Identify a senior-level employee or qualified third party to lead your firm’s cybersecurity program. 17. Examine your insurance policies to ensure adequate cyber coverage levels. Page 27
  • 28. HOW CAN GPP HELP YOU? Don’t feel as though you need to come up with cyber strategies on your own. We are experienced in providing comments on control-related matters to management. In addition, as a member of the BDO Alliance USA, we have access to resources that can help your organization as you navigate the cybersecurity risk and compliance landscape, including: • Guidance on conducting a cyber risk assessment • How to take inventory of your sensitive information • Develop and implement an incident response plan Page 28
  • 29. RESOURCES, REFERENCES AND CREDITS Page 29 1. Federal Communications Commission (FCC) i. https://www.fcc.gov/cyberplanner ii. https://apps.fcc.gov/edocs_public/attachmatch/DOC-343096A1.pdf iii. https://apps.fcc.gov/edocs_public/attachmatch/DOC-306595A1.pdf 2. 2017 Verizon Data Breach Investigations Report (DBIR) http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/
  • 30. QUESTIONS AND COMMENTS? André Nel (214)-635-2607 anel@gppcpa.com Page 30
  • 31. If you have any questions please feel free to contact André Nel at: (214)-635-2607 anel@gppcpa.com