Auditing Archives Series
The Case of the File-Sharing Franchisee
Business background
A successful franchisee owns over 100 well-known restaurants in the Midwest. Files were shared with restaurant management across states via a server at the corporate location. A third-party IT company was used to configure system hardware and software for all restaurant locations.
How hackers could get in
The corporate back-office server that shared files across restaurant servers used an always-on, insecure virtual private network (VPN) connection. IT staff configured the corporate office remote access insecurely, which provided access to the 'flat' internal network structure.
What is remote access?
Remote access is the ability to access a computer or server from a remote location. It is often used in mid-size to large organizations by employees who need access to shared files and company networks. Unfortunately, it is very common for remote access to be set up insecurely.
How hackers could get in
A hacker could break into the insecure remote access at corporate headquarters by cracking an easily guessable password, and find the file server connected to 100+ other restaurants via the always-on VPN connection. Once in the file server he could guess the in-store POS system password. One by one, he could download malware into each restaurant's POS system and gain sensitive payment card data.
What the business did wrong
The third-party IT group configured all restaurant systems identically and with an easily guessable password.
What makes a good password?
A password should not be found in a dictionary in any language. It should contain at least 8 characters, including upper- and lower-case letters, numbers, and special characters. Passwords should be changed every 90 days.
What they should have done
This problem could have been prevented through more secure remote access at the corporate location: specifically, requiring two-factor authentication for each login (e.g., a password and a one-time code) and individual complex system passwords for each restaurant location.
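As an added example (not part of the SecurityMetrics slides), the script below applies the password rules from "What makes a good password?" to a constructed per-location inventory, flags the identical-password mistake from "What the business did wrong", and checks the one-time-code second factor from "What they should have done" with standard RFC 4226/6238 HOTP/TOTP. The site names, passwords, wordlist and dates are all constructed.

```python
"""Credential audit for a multi-site roll-out plus a one-time-code check.

Added example, not part of the original slides. Applies the slide's
password rules to a constructed inventory of per-restaurant passwords,
flags any password reused across locations, and verifies a TOTP code.
"""
import hashlib
import hmac
import struct
import time
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Constructed stand-in for a real multi-language dictionary wordlist.
DICTIONARY = {"password", "welcome", "restaurant", "admin", "contrasena"}
MIN_LENGTH = 8
MAX_AGE_DAYS = 90


@dataclass
class SiteCredential:
    site: str            # restaurant location identifier (constructed)
    password: str        # password the IT vendor plans to deploy there
    last_changed: date   # last rotation date


def policy_failures(pw: str, last_changed: date, today: date) -> List[str]:
    """Return every slide rule the password breaks (empty list = compliant)."""
    # "Welcome1!" satisfies every character-class rule but is still a
    # dictionary word with decoration, so compare the alphabetic core.
    core = "".join(c for c in pw.lower() if c.isalpha())
    checks = [
        (len(pw) >= MIN_LENGTH, "shorter than %d characters" % MIN_LENGTH),
        (any(c.isupper() for c in pw), "no upper-case letter"),
        (any(c.islower() for c in pw), "no lower-case letter"),
        (any(c.isdigit() for c in pw), "no number"),
        (any(not c.isalnum() for c in pw), "no special character"),
        (core not in DICTIONARY, "dictionary word"),
        ((today - last_changed).days <= MAX_AGE_DAYS,
         "older than %d days" % MAX_AGE_DAYS),
    ]
    return [msg for ok, msg in checks if not ok]


def audit(creds: List[SiteCredential], today: date) -> Dict[str, List[str]]:
    """Map each non-compliant site to its findings, including cross-site reuse."""
    findings: Dict[str, List[str]] = {}
    seen: Dict[str, str] = {}  # password fingerprint -> first site using it
    for c in creds:
        fails = policy_failures(c.password, c.last_changed, today)
        fp = hashlib.sha256(c.password.encode()).hexdigest()
        if fp in seen:
            fails.append("same password as %s" % seen[fp])
        else:
            seen[fp] = c.site
        if fails:
            findings[c.site] = fails
    return findings


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP (HMAC-SHA1 with dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, for_time: Optional[float] = None, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP over the current 30-second time step."""
    now = time.time() if for_time is None else for_time
    return hotp(secret, int(now // step))


def verify_otp(secret: bytes, submitted: str, for_time: Optional[float] = None,
               step: int = 30, window: int = 1) -> bool:
    """Constant-time check of a submitted code, tolerating one step of clock drift."""
    now = time.time() if for_time is None else for_time
    counter = int(now // step)
    return any(hmac.compare_digest(hotp(secret, counter + d), submitted)
               for d in range(-window, window + 1))


# Constructed sample inventory: two sites share a decorated dictionary word,
# one site has a strong but stale password, one site is fully compliant.
TODAY = date(2024, 6, 1)
SAMPLE = [
    SiteCredential("Chicago-01", "Welcome1!", date(2024, 5, 20)),
    SiteCredential("Chicago-02", "Welcome1!", date(2024, 5, 20)),
    SiteCredential("Madison-01", "r3d-Sauce!Q", date(2023, 11, 1)),
    SiteCredential("Omaha-01", "Tx9#kLm2pQ", date(2024, 5, 28)),
]

if __name__ == "__main__":
    for site, fails in audit(SAMPLE, TODAY).items():
        print(site, "->", "; ".join(fails))
    seed = b"12345678901234567890"  # RFC 4226/6238 test-vector secret
    print("TOTP at t=59:", totp(seed, 59), "valid:", verify_otp(seed, totp(seed, 59), 59))
```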
SecurityMetrics: We Protect Business
Services: PCI, HIPAA, and data security solutions for businesses of all sizes.
Qualifications: Global provider of ASV, QSA, PFI, PA-QSA, and P2PE services.
Experience: Assisted over 1 million organizations with compliance needs.