Auditing Archives Series
The Case of the File-Sharing Franchisee
Business background

Successful franchisee owns over 100 well-known restaurants in the Midwest.

Shared files with restaurant management across states via a server at the corporate location.

Used a third-party IT company to configure system hardware and software for all restaurant locations.
How hackers could get in

The corporate back-office server that shared files across restaurant servers used an always-on, insecure virtual private network (VPN) connection. IT staff configured the corporate office remote access insecurely, which provided access to the 'flat' internal network structure ('flat' meaning unsegmented: a foothold on any host reaches every other host).
What is remote access?

Remote access is the ability to access a computer or server from a remote location. It is often used in mid-size to large organizations by employees who need access to shared files and company networks. Unfortunately, it is very common for remote access to be set up insecurely.
How hackers could get in

A hacker could break into the insecure remote access at corporate headquarters by cracking an easily guessable password, and find the file server connected to 100+ other restaurants via the always-on VPN connection.

Once in the file server, he could guess the in-store POS system password. One by one, he could download malware into each restaurant's POS system and gain sensitive payment card data.
What the business did wrong

The third-party IT group configured all restaurant systems identically and with an easily guessable password.
What makes a good password?

A password should not be found in a dictionary in any language. It should be at least 8 characters long and contain upper and lower case letters, numbers, and special characters. Passwords should be changed every 90 days.
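The password rules above, together with the 'configured identically' finding on the previous slide, as an added Python example (not code from the SecurityMetrics deck): a small audit a franchise IT team could run over its credential inventory. It checks each stored password against the four stated rules (not a dictionary word, at least 8 characters, all four character classes, changed within 90 days) and then reports any password shared by more than one location. The wordlist, the inventory, the audit date and the function names are all constructed for this example.

```python
"""Password-policy and credential-reuse audit for a multi-location fleet.

Added example, not from the SecurityMetrics deck. The rules below are the
deck's four: no dictionary word, >= 8 characters, upper/lower/digit/special,
rotated within 90 days. The reuse check covers the deck's other finding:
one password configured identically on every restaurant system.
"""
from __future__ import annotations

import string
from dataclasses import dataclass
from datetime import date

# Constructed stand-in for a real wordlist (any language); a production
# check would load a large dictionary file instead.
DICTIONARY = {"password", "restaurant", "welcome", "summer", "franchise"}

MIN_LENGTH = 8
MAX_AGE_DAYS = 90
SPECIALS = set(string.punctuation)
AUDIT_DATE = date(2024, 6, 1)   # constructed "today" for the sample run


def policy_violations(password: str, last_changed: date, today: date) -> list[str]:
    """Return the deck rules the password breaks (empty list means compliant)."""
    problems = []
    if password.lower() in DICTIONARY:
        problems.append("dictionary word")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")
    if (today - last_changed).days > MAX_AGE_DAYS:
        problems.append(f"older than {MAX_AGE_DAYS} days")
    return problems


@dataclass(frozen=True)
class Credential:
    location: str       # store identifier (constructed)
    system: str         # e.g. "pos" or "remote-access"
    password: str
    last_changed: date


def shared_passwords(creds: list[Credential]) -> dict[str, list[str]]:
    """Map each password used by more than one location to those locations."""
    by_password: dict[str, list[str]] = {}
    for c in creds:
        by_password.setdefault(c.password, []).append(c.location)
    return {pw: locs for pw, locs in by_password.items() if len(set(locs)) > 1}


def audit(creds: list[Credential], today: date) -> dict[str, list[str]]:
    """Return {"<location>/<system>": [violations...]} for every failing credential.

    Reuse across locations is reported on each credential involved, so a
    per-store report also surfaces the fleet-wide problem.
    """
    reused = shared_passwords(creds)
    report: dict[str, list[str]] = {}
    for c in creds:
        problems = policy_violations(c.password, c.last_changed, today)
        if c.password in reused:
            others = sorted(set(reused[c.password]) - {c.location})
            problems.append("shared with " + ", ".join(others))
        if problems:
            report[f"{c.location}/{c.system}"] = problems
    return report


# Constructed inventory: three stores set up identically with a stale POS
# password, one store done properly, and one remote-access account whose
# password is a plain dictionary word.
SAMPLE_CREDS = [
    Credential("store-001", "pos", "Restaurant1", date(2023, 1, 15)),
    Credential("store-002", "pos", "Restaurant1", date(2023, 1, 15)),
    Credential("store-003", "pos", "Restaurant1", date(2023, 1, 15)),
    Credential("store-004", "pos", "qT7#vLm2!kPz", date(2024, 5, 1)),
    Credential("store-005", "remote-access", "Franchise", date(2024, 4, 1)),
]


def run_sample_audit() -> dict[str, list[str]]:
    """Audit the constructed inventory as of AUDIT_DATE."""
    return audit(SAMPLE_CREDS, AUDIT_DATE)


if __name__ == "__main__":
    for key, problems in run_sample_audit().items():
        print(f"{key}: {'; '.join(problems)}")
```

Running it lists store-001 through store-003 with the same three problems (no special character, older than 90 days, shared with the other two stores), flags store-005 for the dictionary word and missing classes, and stays silent on store-004. The reuse check is the part a per-password policy alone would miss: every store's password can pass the character rules and still be the single key that opens all 100+ locations.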
What they should have done

This problem could have been prevented through more secure remote access at the corporate location: specifically, requiring two-factor authentication for each login (e.g., a password and a one-time code) and individual complex system passwords for each restaurant location.
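What "a password and a one-time code" means mechanically, as an added Python example that is not part of the SecurityMetrics deck: a remote-access login is accepted only when the password verifies against a salted hash AND a fresh RFC 6238 time-based one-time code verifies; a code that has already been accepted is refused. The user record, the salt and the constant `DRIFT_STEPS` are constructed for the example; the shared secret is the published RFC 4226/6238 test key so the generated codes can be checked against the RFC vectors.

```python
"""Two-factor login check: password plus a one-time code (RFC 6238 TOTP).

Added example, not code from the SecurityMetrics deck. Both factors must
pass, and a code is single-use: the highest accepted time-step counter is
remembered so a captured code cannot be replayed within its window.
"""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass

STEP_SECONDS = 30      # TOTP time step (RFC 6238 default)
DIGITS = 6
DRIFT_STEPS = 1        # also accept the neighbouring steps (clock drift)
PBKDF2_ROUNDS = 100_000

# RFC 4226 / RFC 6238 test key (ASCII "12345678901234567890"); a real
# deployment generates a random per-user secret.
RFC_KEY = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HMAC-based one-time password (RFC 4226) for an 8-byte big-endian counter."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # dynamic truncation
    binary = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int, step: int = STEP_SECONDS) -> str:
    """Time-based code (RFC 6238): HOTP over the current time-step counter."""
    return hotp(secret, now // step)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-SHA256 hash; the server never stores the plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class User:
    name: str
    salt: bytes
    pw_hash: bytes
    totp_secret: bytes
    last_counter: int = -1   # highest counter already accepted (blocks replay)


def verify_login(user: User, password: str, code: str, now: int) -> tuple[bool, str]:
    """Return (accepted, reason). Password first, then a fresh one-time code."""
    candidate = hash_password(password, user.salt)
    if not hmac.compare_digest(candidate, user.pw_hash):
        return False, "bad password"
    if not code:
        return False, "one-time code required"
    counter = now // STEP_SECONDS
    for c in range(counter - DRIFT_STEPS, counter + DRIFT_STEPS + 1):
        # c > last_counter both blocks replay and keeps c non-negative
        if c > user.last_counter and hmac.compare_digest(hotp(user.totp_secret, c), code):
            user.last_counter = c
            return True, "ok"
    return False, "bad or reused one-time code"


def make_user(name: str, password: str, secret: bytes) -> User:
    salt = b"constructed-salt-16b"   # constructed; use os.urandom(16) in practice
    return User(name, salt, hash_password(password, salt), secret)


def run_demo() -> list[str]:
    """Walk one corporate remote-access account through four login attempts."""
    user = make_user("corp-admin", "qT7#vLm2!kPz", RFC_KEY)
    now = 59                                 # RFC 6238 vector time: counter 1
    good_code = totp(RFC_KEY, now)           # "287082" per the RFC vectors
    attempts = [
        ("wrong-password", "", now),
        ("qT7#vLm2!kPz", "", now),           # password alone is not enough
        ("qT7#vLm2!kPz", good_code, now),
        ("qT7#vLm2!kPz", good_code, now),    # replay of the same code
    ]
    return [verify_login(user, pw, code, t)[1] for pw, code, t in attempts]


if __name__ == "__main__":
    print(run_demo())
```

The demo's four attempts come back as bad password, one-time code required, ok, and bad or reused one-time code. The last result is the point of tracking `last_counter`: the guessable-password attack in the deck works because a password is reusable forever, whereas an accepted one-time code is dead the moment it is used.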
SecurityMetrics
We Protect Business

Services: PCI, HIPAA, and data security solutions for businesses of all sizes
Qualifications: Global provider of ASV, QSA, PFI, PA-QSA, and P2PE services
Experience: Assisted over 1 million organizations with compliance needs
