Cybersecurity: HOW SAFE IS YOUR ORGANIZATION?
Speaker
MICHAEL HANNAN, CISA
Manager, Business and Technology Risk, CBIZ MHM
Michael has led a number of IT risk assessments, Sarbanes-Oxley Section 404 projects, SOC audits, and third-party internal control attestations. He is a Certified Information Systems Auditor and a member of the Institute of Internal Auditors.
816-945-5668 • mhannan@cbiz.com
CBIZ, Inc.
SMB in the Crosshairs
Has your business assessed the impact on
operations if an intruder gained access to your
proprietary bidding model and sold it to your
competitors, or stole bank account credentials to
conduct fraudulent transactions? Would your
business be able to recover and remain
competitive?
FINANCIAL
INSTITUTIONS
Why is cyber risk a top concern?
Cyber crime is exploding. Regulatory compliance, stakeholder concerns, liability, litigation, business interruption, reputation . . . there’s a lot to manage and a lot at stake.
- Increased Regulatory Scrutiny
- Risk to Brand and Reputation
- Litigation - Inadequate Board Oversight
- Litigation - Employees on Social Media
- Cyber Extortion
- Fraud
- Regulatory Fines
- Data Breach Costs
- Litigation - Loss of Customer Data
Goals for Attackers
- Access to Personal Information. While contractors may not have as much personally
identifiable information (PII) as a retailer or financial institution, construction firms still have
employee information that could include social security numbers, bank accounts for payroll, as
well as healthcare information.
- Access to proprietary corporate assets including privileged contracts, project/bid
data, architectural designs (including security designs), and intellectual property.
Hackers may also target information regarding a construction organization’s bank and other
financial accounts via social engineering and phishing schemes, and then attempt to entice an
employee to unwittingly transfer corporate funds/assets.
- Access to personal information on other organizations’ servers. One of the most
prominent examples of this is the Target breach in which the initial intrusion was traced back to
credentials stolen from an HVAC contractor. Disgruntled employees or subcontractors may wish
to embarrass the organization.
- Extortion (CryptoLocker). CryptoLocker is a ransomware trojan which targets computers
running Microsoft Windows. This ransomware is typically propagated as an attachment or link
associated with a seemingly innocuous e-mail message. The intent is to breach a corporation’s
systems, spreading malware and encrypting corporate data. The company is then forced to pay a
ransom in order to recover/unlock any data that has not been backed up.
Cyber Risk
The Human Element
Approx. 95% of security incidents are caused by human error:
- System misconfiguration
- Poor patch management
- Use of default usernames and passwords or easy-to-guess passwords
- Lost devices
- Sending sensitive information to an incorrect email address or from a personal email address
Recent Attacks
- Turner Construction falls victim to phishing scam that affects employees nationwide – April 2016
- Seagate - 10,000 W-2 tax documents were released by an employee during a successful phishing scam.
- Individual at Boeing discloses 36,000 employees’ information after seeking “document formatting” assistance from spouse – February 2017
Another Threat - Ransomware
- Defined as “a type of malicious software designed to block access to a computer system until a sum of money is paid.”
- Most recent: WannaCry ransomware
- Users held to ransom to pay a fee in virtual currency to retrieve their content.
  - Locks the screen
  - Encrypts the files and threatens user with a countdown.
  - Selected files are deleted every hour until the ransom is paid.
Case Study: DUMPSTER DIVING
Bad actors go through your dumpsters in search of customer account numbers, Social Security numbers, employee directories, executive calendars and signatures.
PREVENTION
- Contract with an outside document destruction company.
- Have shred bins for sensitive documentation easily accessible to employees.
- Post educational materials in proper locations to help employees know what not to place in trash receptacles.
Case Study: PHISHING
Email phishing can provide outside parties an entry point to sensitive information.
PREVENTION
- Continuously educate and remind employees about the risks of email phishing and how to identify an email phish
- Deploy email scanning software
- Test employees by performing email phishing tests periodically
Nearly 2/3 of the security incidents involved phishing attacks.
Case Study: PRETEXTING
Unsuspecting individuals may fall victim to a face-to-face encounter with an attacker and never realize it.
PREVENTION
- Have all non-employees sign in with every visit and allow no employees access to restricted areas without prior approval from a supervisor
- Know your vendors: never allow unscheduled vendors access to any restricted or secured area
- Train employees how to handle a person who never says no and what targets a social engineer might try to acquire
Breaches Occur Because Companies Fall Short
Do you…
- know what controls are in place and working consistently to defend the company’s electronic and physical data?
- know when IT controls fail?
- know when your company security environment has been breached?
- know your obligation(s) in the event of a data breach?
- know that all employees are trained at least annually on the proper handling of removable media (such as thumb drives, laptops, etc.) and email protocols of sensitive data?
Cost of Data Breach
- Average cost per record of a data breach: $221
- Average records exposed per breach: 29,611
- Average cost spent on notification: $590,000
- Average cost of post discovery efforts (costs include implementing hotline, credit monitoring, fines, etc.): $1,720,000
- Average loss of business and reputation: $3,970,000
Compiled from: 2016 Ponemon Institute Cost of Data Breach
What Can Management Do
- Educate Their Users on Security
- Monitor Network Activity
- Report Suspicious Activity
- Perform External / Internal Penetration Test
- Conduct Phishing Campaigns
- Obtain Cybersecurity Insurance
Cybersecurity Insurance
- Do you have cybersecurity insurance?
- Do you understand how the policy works?
- Do you know what coverages you have for various incidents?
- Does your policy protect information on unencrypted devices or mobile devices?
- Does your policy cover identity theft resolution services for those affected individuals?
- What other limitations exist in the policy?
- What does the policy not cover?
3rd Party Providers and the Cloud
- Are they clearly identified?
- How secure are these third-party providers?
- Who in the company is responsible for these third-party providers?
- How are security violations reported?
- How are controls monitored for these third-party providers?
- Do they have access into your network or systems and how is that access granted/revoked timely?
QUESTIONS?
Connect with Us
linkedin.com/company/cbiz
@cbz
youtube.com/BizTipsVideos
slideshare.net/CBIZInc
www.facebook.com/cbizservices
19 CBIZ, Inc.
20

More Related Content

What's hot

Dealing with the insider threat.
Dealing with the insider threat.Dealing with the insider threat.
Dealing with the insider threat.
Matt Lemon
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber security
Carol Meng-Shih Wang
 
Insider threat v3
Insider threat v3Insider threat v3
Insider threat v3
Lancope, Inc.
 
Insider Threats Webinar Final_Tyco
Insider Threats Webinar Final_TycoInsider Threats Webinar Final_Tyco
Insider Threats Webinar Final_Tyco
Matt Frowert
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider Threat
Lancope, Inc.
 
November 2017: Part 6
November 2017: Part 6November 2017: Part 6
November 2017: Part 6
seadeloitte
 
Cyber liability and cyber security
Cyber liability and cyber securityCyber liability and cyber security
Cyber liability and cyber security
Helen Carpenter
 
Why Insider Threat is a C-Level Priority
Why Insider Threat is a C-Level PriorityWhy Insider Threat is a C-Level Priority
Why Insider Threat is a C-Level Priority
David Mai, MBA
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10
seadeloitte
 
Insider Threat Summit - The Future of Insider Threat Detection
Insider Threat Summit - The Future of Insider Threat DetectionInsider Threat Summit - The Future of Insider Threat Detection
Insider Threat Summit - The Future of Insider Threat Detection
ObserveIT
 
Network Security and Privacy Liability - Four Reasons Why You need This Cove...
Network Security and Privacy Liability  - Four Reasons Why You need This Cove...Network Security and Privacy Liability  - Four Reasons Why You need This Cove...
Network Security and Privacy Liability - Four Reasons Why You need This Cove...
CBIZ, Inc.
 
August 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber AttackerAugust 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber Attacker
seadeloitte
 
Internal Threats: The New Sources of Attack
Internal Threats: The New Sources of AttackInternal Threats: The New Sources of Attack
Internal Threats: The New Sources of Attack
Mekhi Da ‘Quay Daniels
 
2017 october supplementary_reading
2017 october supplementary_reading2017 october supplementary_reading
2017 october supplementary_reading
seadeloitte
 
Data security
 Data security  Data security
Data security
Laura Breese
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Small Business
 
Social engineering
Social engineeringSocial engineering
Social engineering
Bola Oduyale
 
Cyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial SectorCyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial Sector
Farook Al-Jibouri
 
Eileen Presentation
Eileen  PresentationEileen  Presentation
Eileen Presentation
jc06442n
 
Cyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access managementCyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access management
seadeloitte
 

What's hot (20)

Dealing with the insider threat.
Dealing with the insider threat.Dealing with the insider threat.
Dealing with the insider threat.
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber security
 
Insider threat v3
Insider threat v3Insider threat v3
Insider threat v3
 
Insider Threats Webinar Final_Tyco
Insider Threats Webinar Final_TycoInsider Threats Webinar Final_Tyco
Insider Threats Webinar Final_Tyco
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider Threat
 
November 2017: Part 6
November 2017: Part 6November 2017: Part 6
November 2017: Part 6
 
Cyber liability and cyber security
Cyber liability and cyber securityCyber liability and cyber security
Cyber liability and cyber security
 
Why Insider Threat is a C-Level Priority
Why Insider Threat is a C-Level PriorityWhy Insider Threat is a C-Level Priority
Why Insider Threat is a C-Level Priority
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10
 
Insider Threat Summit - The Future of Insider Threat Detection
Insider Threat Summit - The Future of Insider Threat DetectionInsider Threat Summit - The Future of Insider Threat Detection
Insider Threat Summit - The Future of Insider Threat Detection
 
Network Security and Privacy Liability - Four Reasons Why You need This Cove...
Network Security and Privacy Liability  - Four Reasons Why You need This Cove...Network Security and Privacy Liability  - Four Reasons Why You need This Cove...
Network Security and Privacy Liability - Four Reasons Why You need This Cove...
 
August 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber AttackerAugust 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber Attacker
 
Internal Threats: The New Sources of Attack
Internal Threats: The New Sources of AttackInternal Threats: The New Sources of Attack
Internal Threats: The New Sources of Attack
 
2017 october supplementary_reading
2017 october supplementary_reading2017 october supplementary_reading
2017 october supplementary_reading
 
Data security
 Data security  Data security
Data security
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure"
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Cyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial SectorCyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial Sector
 
Eileen Presentation
Eileen  PresentationEileen  Presentation
Eileen Presentation
 
Cyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access managementCyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access management
 

Similar to Cybersecurity: How Safe Is Your Organization?

Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-Force
Patrick Bouillaud
 
IBM X-Force.PDF
IBM X-Force.PDFIBM X-Force.PDF
IBM X-Force.PDF
Ban Selvakumar
 
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
AwodiranOlumide
 
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
IRJET Journal
 
Cybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To KnowCybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To Know
Shantam Goel
 
Measures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksMeasures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacks
Skillmine Technology Consulting
 
Measure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber Attacks
Skillmine Technology Consulting
 
5 Cyber Security Threats That Small Businesses Face And How To Stop Them
5 Cyber Security Threats That Small Businesses Face And How To Stop Them5 Cyber Security Threats That Small Businesses Face And How To Stop Them
5 Cyber Security Threats That Small Businesses Face And How To Stop Them
Anvesh Vision Private Limited
 
The Top Cybersecurity Threats Frightening Small Businesses Today
The Top Cybersecurity Threats Frightening Small Businesses TodayThe Top Cybersecurity Threats Frightening Small Businesses Today
The Top Cybersecurity Threats Frightening Small Businesses Today
PC Doctors NET
 
Netwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital worldNetwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital world
netwealthInvest
 
How to Protect Your Business from Cyber Threats | The Entrepreneur Review
How to Protect Your Business from Cyber Threats | The Entrepreneur ReviewHow to Protect Your Business from Cyber Threats | The Entrepreneur Review
How to Protect Your Business from Cyber Threats | The Entrepreneur Review
TheEntrepreneurRevie
 
Cybersecurity a short business guide
Cybersecurity   a short business guideCybersecurity   a short business guide
Cybersecurity a short business guide
larry1401
 
The Need for Internet Security for Small Businesses - 10 Best Practices | The...
The Need for Internet Security for Small Businesses - 10 Best Practices | The...The Need for Internet Security for Small Businesses - 10 Best Practices | The...
The Need for Internet Security for Small Businesses - 10 Best Practices | The...
TheEntrepreneurRevie
 
Cyber Defense For SMB's
Cyber Defense For SMB'sCyber Defense For SMB's
Cyber Defense For SMB's
Guise Bule
 
Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"
abercius24
 
Article1DISCUSSION_1Information security within an organi
Article1DISCUSSION_1Information security within an organiArticle1DISCUSSION_1Information security within an organi
Article1DISCUSSION_1Information security within an organi
mallisonshavon
 
Security and the Service Desk
Security and the Service DeskSecurity and the Service Desk
Security and the Service Desk
NorthCoastHDI
 
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksStrengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
FitCEO, Inc. (FCI)
 
How to protect your company from cyber attacks
How to protect your company from cyber attacksHow to protect your company from cyber attacks
How to protect your company from cyber attacks
Company
 
Protecting Your Business, Cybersecurity, and working remotely during COVID-19
Protecting Your Business, Cybersecurity, and working remotely during COVID-19Protecting Your Business, Cybersecurity, and working remotely during COVID-19
Protecting Your Business, Cybersecurity, and working remotely during COVID-19
ArielMcCurdy
 

Similar to Cybersecurity: How Safe Is Your Organization? (20)

Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-Force
 
IBM X-Force.PDF
IBM X-Force.PDFIBM X-Force.PDF
IBM X-Force.PDF
 
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
 
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
 
Cybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To KnowCybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To Know
 
Measures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksMeasures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacks
 
Measure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber Attacks
 
5 Cyber Security Threats That Small Businesses Face And How To Stop Them
5 Cyber Security Threats That Small Businesses Face And How To Stop Them5 Cyber Security Threats That Small Businesses Face And How To Stop Them
5 Cyber Security Threats That Small Businesses Face And How To Stop Them
 
The Top Cybersecurity Threats Frightening Small Businesses Today
The Top Cybersecurity Threats Frightening Small Businesses TodayThe Top Cybersecurity Threats Frightening Small Businesses Today
The Top Cybersecurity Threats Frightening Small Businesses Today
 
Netwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital worldNetwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital world
 
How to Protect Your Business from Cyber Threats | The Entrepreneur Review
How to Protect Your Business from Cyber Threats | The Entrepreneur ReviewHow to Protect Your Business from Cyber Threats | The Entrepreneur Review
How to Protect Your Business from Cyber Threats | The Entrepreneur Review
 
Cybersecurity a short business guide
Cybersecurity   a short business guideCybersecurity   a short business guide
Cybersecurity a short business guide
 
The Need for Internet Security for Small Businesses - 10 Best Practices | The...
The Need for Internet Security for Small Businesses - 10 Best Practices | The...The Need for Internet Security for Small Businesses - 10 Best Practices | The...
The Need for Internet Security for Small Businesses - 10 Best Practices | The...
 
Cyber Defense For SMB's
Cyber Defense For SMB'sCyber Defense For SMB's
Cyber Defense For SMB's
 
Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"
 
Article1DISCUSSION_1Information security within an organi
Article1DISCUSSION_1Information security within an organiArticle1DISCUSSION_1Information security within an organi
Article1DISCUSSION_1Information security within an organi
 
Security and the Service Desk
Security and the Service DeskSecurity and the Service Desk
Security and the Service Desk
 
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksStrengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
 
How to protect your company from cyber attacks
How to protect your company from cyber attacksHow to protect your company from cyber attacks
How to protect your company from cyber attacks
 
Protecting Your Business, Cybersecurity, and working remotely during COVID-19
Protecting Your Business, Cybersecurity, and working remotely during COVID-19Protecting Your Business, Cybersecurity, and working remotely during COVID-19
Protecting Your Business, Cybersecurity, and working remotely during COVID-19
 

More from CBIZ, Inc.

BIZGrowth Strategies — Cybersecurity Special Edition 2023
BIZGrowth Strategies — Cybersecurity Special Edition 2023BIZGrowth Strategies — Cybersecurity Special Edition 2023
BIZGrowth Strategies — Cybersecurity Special Edition 2023
CBIZ, Inc.
 
BIZGrowth Strategies - Back to Basics Special Edition
BIZGrowth Strategies - Back to Basics Special EditionBIZGrowth Strategies - Back to Basics Special Edition
BIZGrowth Strategies - Back to Basics Special Edition
CBIZ, Inc.
 
The Advantage — Summer 2023
The Advantage — Summer 2023The Advantage — Summer 2023
The Advantage — Summer 2023
CBIZ, Inc.
 
BIZGrowth Strategies - Workforce & Talent Optimization Special Edition
BIZGrowth Strategies - Workforce & Talent Optimization Special EditionBIZGrowth Strategies - Workforce & Talent Optimization Special Edition
BIZGrowth Strategies - Workforce & Talent Optimization Special Edition
CBIZ, Inc.
 
BIZGrowth Newsletter - Economic Slowdown Solutions Special Edition
BIZGrowth Newsletter - Economic Slowdown Solutions Special EditionBIZGrowth Newsletter - Economic Slowdown Solutions Special Edition
BIZGrowth Newsletter - Economic Slowdown Solutions Special Edition
CBIZ, Inc.
 
BIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special EditionBIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special Edition
CBIZ, Inc.
 
Connections Help Law Practice Efficiently Obtain $5 Million Line of Credit
Connections Help Law Practice Efficiently Obtain $5 Million Line of CreditConnections Help Law Practice Efficiently Obtain $5 Million Line of Credit
Connections Help Law Practice Efficiently Obtain $5 Million Line of Credit
CBIZ, Inc.
 
Custom Communication Plan & Active Enrollment Result in Increased Consumerism
Custom Communication Plan & Active Enrollment Result in Increased ConsumerismCustom Communication Plan & Active Enrollment Result in Increased Consumerism
Custom Communication Plan & Active Enrollment Result in Increased Consumerism
CBIZ, Inc.
 
Experienced Consulting Approach Leads Engineering Firm to the Right CFO
Experienced Consulting Approach Leads Engineering Firm to the Right CFOExperienced Consulting Approach Leads Engineering Firm to the Right CFO
Experienced Consulting Approach Leads Engineering Firm to the Right CFO
CBIZ, Inc.
 
BIZGrowth Strategies - Summer 2022
BIZGrowth Strategies - Summer 2022BIZGrowth Strategies - Summer 2022
BIZGrowth Strategies - Summer 2022
CBIZ, Inc.
 
Inflation, Interest Rates & the Disruption to CRE
Inflation, Interest Rates & the Disruption to CREInflation, Interest Rates & the Disruption to CRE
Inflation, Interest Rates & the Disruption to CRE
CBIZ, Inc.
 
CBIZ Quarterly Manufacturing and Distribution "Hot Topics" Newsletter (May-Ju...
CBIZ Quarterly Manufacturing and Distribution "Hot Topics" Newsletter (May-Ju...CBIZ Quarterly Manufacturing and Distribution "Hot Topics" Newsletter (May-Ju...
CBIZ Quarterly Manufacturing and Distribution "Hot Topics" Newsletter (May-Ju...
CBIZ, Inc.
 
Rethinking Total Compensation to Retain Top Talent
Rethinking Total Compensation to Retain Top TalentRethinking Total Compensation to Retain Top Talent
Rethinking Total Compensation to Retain Top Talent
CBIZ, Inc.
 
Common Labor Shortage Risks & Tips to Mitigate Your Exposures
Common Labor Shortage Risks & Tips to Mitigate Your ExposuresCommon Labor Shortage Risks & Tips to Mitigate Your Exposures
Common Labor Shortage Risks & Tips to Mitigate Your Exposures
CBIZ, Inc.
 
How the Great Resignation Affects the Tax Function
How the Great Resignation Affects the Tax FunctionHow the Great Resignation Affects the Tax Function
How the Great Resignation Affects the Tax Function
CBIZ, Inc.
 
Using Technology to Secure Talent
Using Technology to Secure TalentUsing Technology to Secure Talent
Using Technology to Secure Talent
CBIZ, Inc.
 
Experienced Consulting Approach Leads Engineering Firm to the Right CFO
Experienced Consulting Approach Leads Engineering Firm to the Right CFOExperienced Consulting Approach Leads Engineering Firm to the Right CFO
Experienced Consulting Approach Leads Engineering Firm to the Right CFO
CBIZ, Inc.
 
BIZGrowth Strategies - The Great Resignation Special Edition
BIZGrowth Strategies - The Great Resignation Special EditionBIZGrowth Strategies - The Great Resignation Special Edition
BIZGrowth Strategies - The Great Resignation Special Edition
CBIZ, Inc.
 
Tax incentive alert KS
Tax incentive alert KSTax incentive alert KS
Tax incentive alert KS
CBIZ, Inc.
 
CBIZ Quarterly Commercial Real Estate "Hot Topics" Newsletter (Jan-Feb 2022)
CBIZ Quarterly Commercial Real Estate "Hot Topics" Newsletter (Jan-Feb 2022)CBIZ Quarterly Commercial Real Estate "Hot Topics" Newsletter (Jan-Feb 2022)
CBIZ Quarterly Commercial Real Estate "Hot Topics" Newsletter (Jan-Feb 2022)
CBIZ, Inc.
 

More from CBIZ, Inc. (20)

BIZGrowth Strategies — Cybersecurity Special Edition 2023
BIZGrowth Strategies — Cybersecurity Special Edition 2023BIZGrowth Strategies — Cybersecurity Special Edition 2023
BIZGrowth Strategies — Cybersecurity Special Edition 2023
 
BIZGrowth Strategies - Back to Basics Special Edition
BIZGrowth Strategies - Back to Basics Special EditionBIZGrowth Strategies - Back to Basics Special Edition
BIZGrowth Strategies - Back to Basics Special Edition
 
The Advantage — Summer 2023
The Advantage — Summer 2023The Advantage — Summer 2023
The Advantage — Summer 2023
 
BIZGrowth Strategies - Workforce & Talent Optimization Special Edition
BIZGrowth Strategies - Workforce & Talent Optimization Special EditionBIZGrowth Strategies - Workforce & Talent Optimization Special Edition
BIZGrowth Strategies - Workforce & Talent Optimization Special Edition
 
BIZGrowth Newsletter - Economic Slowdown Solutions Special Edition
BIZGrowth Newsletter - Economic Slowdown Solutions Special EditionBIZGrowth Newsletter - Economic Slowdown Solutions Special Edition
BIZGrowth Newsletter - Economic Slowdown Solutions Special Edition
 
BIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special EditionBIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special Edition
 
Connections Help Law Practice Efficiently Obtain $5 Million Line of Credit
Connections Help Law Practice Efficiently Obtain $5 Million Line of CreditConnections Help Law Practice Efficiently Obtain $5 Million Line of Credit
Connections Help Law Practice Efficiently Obtain $5 Million Line of Credit
 
Custom Communication Plan & Active Enrollment Result in Increased Consumerism
Custom Communication Plan & Active Enrollment Result in Increased ConsumerismCustom Communication Plan & Active Enrollment Result in Increased Consumerism
Custom Communication Plan & Active Enrollment Result in Increased Consumerism
 
Experienced Consulting Approach Leads Engineering Firm to the Right CFO
Cybersecurity: How Safe Is Your Organization?

  • 1. Cybersecurity: HOW SAFE IS YOUR ORGANIZATION?
  • 2. Speaker: MICHAEL HANNAN, CISA, Manager, Business and Technology Risk, CBIZ MHM (CBIZ, Inc.). Michael has led a number of IT risk assessments, Sarbanes-Oxley Section 404 projects, SOC audits, and third party internal control attestations. He is a certified Information Systems Auditor and a member of the Institute of Internal Auditors. 816-945-5668 • mhannan@cbiz.com
  • 3. SMB in the Crosshairs
  • 4. Has your business assessed the impact on operations if an intruder gained access to your proprietary bidding model and sold it to your competitors, or stole bank account credentials to conduct fraudulent transactions? Would your business be able to recover and remain competitive?
  • 5. FINANCIAL INSTITUTIONS: Why is cyber risk a top concern? Cyber crime is exploding. Regulatory compliance, stakeholder concerns, liability, litigation, business interruption, reputation . . . there’s a lot to manage and a lot at stake.
      - Increased Regulatory Scrutiny
      - Risk to Brand and Reputation
      - Litigation - Inadequate Board Oversight
      - Litigation - Employees on Social Media
      - Cyber Extortion
      - Fraud
      - Regulatory Fines
      - Data Breach Costs
      - Litigation - Loss of Customer Data
  • 6. Goals for Attackers
      - Access to Personal Information. While contractors may not have as much personally identifiable information (PII) as a retailer or financial institution, construction firms still have employee information that could include social security numbers, bank accounts for payroll, as well as healthcare information.
      - Access to proprietary corporate assets including privileged contracts, project/bid data, architectural designs (including security designs), and intellectual property. Hackers may also target information regarding a construction organization’s bank and other financial accounts via social engineering and phishing schemes, and then attempt to entice an employee to unwittingly transfer corporate funds/assets.
      - Access to personal information on other organizations’ servers. One of the most prominent examples of this is the Target breach in which the initial intrusion was traced back to credentials stolen from an HVAC contractor. Disgruntled employees or subcontractors may wish to embarrass the organization.
      - Extortion (CryptoLocker). CryptoLocker is a ransomware trojan which targets computers running Microsoft Windows. This ransomware is typically propagated as an attachment or link associated with a seemingly innocuous e-mail message. The intent is to breach a corporation’s systems, spreading malware and encrypting corporate data. The company is then forced to pay a ransom in order to recover/unlock any data that has not been backed up.
  • 7. Cyber Risk: The Human Element. Approx. 95% of security incidents are caused by human error:
      - System misconfiguration
      - Poor patch management
      - Use of default usernames and passwords or easy-to-guess passwords
      - Lost devices
      - Sending sensitive information to an incorrect email address or from a personal email address
  • 8. Recent Attacks
      - Turner Construction falls victim to phishing scam that affects employees nationwide – April 2016
      - Seagate - 10,000 W-2 tax documents were released by an employee during a successful phishing scam.
      - Individual at Boeing discloses 36,000 employees’ information after seeking “document formatting” assistance from spouse – February 2017
  • 9. Another Threat - Ransomware
      - Defined as “a type of malicious software designed to block access to a computer system until a sum of money is paid.”
      - Most recent: WannaCry Ransomware
      - Users held to ransom to pay a fee in virtual currency to retrieve their content.
      - Locks the screen
      - Encrypts the files and threatens user with a countdown.
      - Selected files are deleted every hour until the ransom is paid.
  • 10. Case Study: DUMPSTER DIVING. Bad actors go through your dumpsters in search of customer account numbers, Social Security numbers, employee directories, executive calendars and signatures. PREVENTION:
      - Contract with an outside document destruction company.
      - Have shred bins for sensitive documentation easily accessible to employees.
      - Post educational materials in proper locations to help employees know what not to place in trash receptacles
  • 11. Case Study: PHISHING. Email phishing can provide outside parties an entry point to sensitive information. Nearly 2/3 of the security incidents involved phishing attacks. PREVENTION:
      - Continuously educate and remind employees about the risks of email phishing and how to identify an email phish
      - Deploy email scanning software
      - Test employees by performing email phishing tests periodically
  • 12. Case Study: PRETEXTING. Unsuspecting individuals may fall victim to a face-to-face encounter with an attacker and never realize it. PREVENTION:
      - Have all non-employees sign in with every visit and allow no employees access to restricted areas without prior approval from a supervisor
      - Know your vendors: never allow unscheduled vendors access to any restricted or secured area
      - Train employees how to handle a person who never says no and what targets a social engineer might try to acquire
  • 13. Breaches Occur Because Companies Fall Short. Do you…
      - know what controls are in place and working consistently to defend the company’s electronic and physical data?
      - know when IT controls fail?
      - know when your company security environment has been breached?
      - know your obligation(s) in the event of a data breach?
      - know that all employees are trained at least annually on the proper handling of removable media (such as thumb drives, laptops, etc.) and email protocols of sensitive data?
  • 14. Cost of Data Breach
      - Average cost per record of a data breach: $221
      - Average records exposed per breach: 29,611
      - Average cost spent on notification: $590,000
      - Average cost of post discovery efforts (costs include implementing hotline, credit monitoring, fines, etc.): $1,720,000
      - Average loss of business and reputation: $3,970,000
      Compiled from: 2016 Ponemon Institute Cost of Data Breach
  • 15. What Can Management Do?
      - Educate Their Users on Security
      - Monitor Network Activity
      - Report Suspicious Activity
      - Perform External / Internal Penetration Test
      - Conduct Phishing Campaigns
      - Obtain Cybersecurity Insurance
  • 16. Cybersecurity Insurance
      - Do you have cybersecurity insurance?
      - Do you understand how the policy works?
      - Do you know what coverages you have for various incidents?
      - Does your policy protect information on unencrypted devices or mobile devices?
      - Does your policy cover identity theft resolution services for those affected individuals?
      - What other limitations exist in the policy?
      - What does the policy not cover?
  • 17. 3rd Party Providers and the Cloud
      - Are they clearly identified?
      - How secure are these third-party providers?
      - Who in the company is responsible for these third-party providers?
      - How are security violations reported?
      - How are controls monitored for these third-party providers?
      - Do they have access into your network or systems and how is that access granted/revoked timely?