This document provides information security recommendations and best practices for small businesses. It discusses identifying critical business assets, safeguarding people, processes, and technology. Specific recommendations include implementing policies, access controls, backups, antivirus software, firewalls, wireless security, software patching, and employee training. The document emphasizes establishing a strong security foundation through assessing risks and prioritizing asset protection based on confidentiality, integrity, and availability needs.
Building An Information Security Awareness ProgramBill Gardner
Most organization’s Security Awareness Programs suck. They involved ‘canned’ video presentations or someone is HR explaining computer use policies. Others are extremely expensive and beyond the reach of the budgets of smaller organizations. This talk will show you how to build a Security Awareness Program from scratch for little or no money, and how to engage your users so that they get the most out of the program.
This month, Community IT presents basic IT security training for end users. Learn about common threats and the best techniques for dealing with them. This webinar is intended for a broad audience of both technical and non-technical staff.
A single email can cause a multi-million dollar breach if opened by an end-user with no security awareness, they may not even be aware of their mistake. The problem lies in the fact that only a few end-users are aware of the dangers of social engineering, much less how to detect it. It is a major issue in the business world today.
This document seeks to address the most common threats that can be posed to an entity and also recommend security measures that can be implemented to avoid such attacks.
Learn more at https://www.multinationalnetworks.com
Cybersecurity Awareness Posters - Set #2NetLockSmith
Posters for National Cyber Security Awareness Month. All are from government entities and free for use (Unmarked ones are from the Montana state government.)
Cyber security awareness training by cyber security infotech(csi), Information Security,
website development company,
Employee Monitoring System,
Employee Monitoring Software
Building An Information Security Awareness ProgramBill Gardner
Most organization’s Security Awareness Programs suck. They involved ‘canned’ video presentations or someone is HR explaining computer use policies. Others are extremely expensive and beyond the reach of the budgets of smaller organizations. This talk will show you how to build a Security Awareness Program from scratch for little or no money, and how to engage your users so that they get the most out of the program.
This month, Community IT presents basic IT security training for end users. Learn about common threats and the best techniques for dealing with them. This webinar is intended for a broad audience of both technical and non-technical staff.
A single email can cause a multi-million dollar breach if opened by an end-user with no security awareness, they may not even be aware of their mistake. The problem lies in the fact that only a few end-users are aware of the dangers of social engineering, much less how to detect it. It is a major issue in the business world today.
This document seeks to address the most common threats that can be posed to an entity and also recommend security measures that can be implemented to avoid such attacks.
Learn more at https://www.multinationalnetworks.com
Cybersecurity Awareness Posters - Set #2NetLockSmith
Posters for National Cyber Security Awareness Month. All are from government entities and free for use (Unmarked ones are from the Montana state government.)
Cyber security awareness training by cyber security infotech(csi), Information Security,
website development company,
Employee Monitoring System,
Employee Monitoring Software
Information Security Awareness
Tips to improve infosec awareness in any organization
To learn more visit http://www.SnapComms.com/solutions/employee-security-awareness
14 tips to increase cybersecurity awarenessMichel Bitter
We used this presentation within our company to increase the cybersecurity awareness of our employees. These 14 tips should help everybody to protect themselves against the most obvious cyber attacks.
Awareness Training on Information SecurityKen Holmes
We look at the potential risks to information security, how to minimise these when on the internet and how the ISO/IEC 27001 standard can play a part in doing so.
Cyber Security Presentation "It Will Never Happen To Me" Simon Salter
This presentation is designed to give an insight into cyber risk.
The importance of protecting your data has never been more significant. Every week the media features stories of companies suffering data breeches leading to financial difficulties and unhappy customers.
Cyber Security Awareness introduction. Why is Cyber Security important? What do I have to do to protect me from Cyber attacks? How to create a IT Security Awareness Plan ?
Cybersecurity Awareness Training Presentation v1.0DallasHaselhorst
Note: There is an updated version of this slide deck available on SlideShare at
https://www.slideshare.net/DallasHaselhorst/cybersecurity-awareness-training-presentation-v11
--
Do you want an cybersecurity awareness training you can present at *your* business or in *your* community? Awesome!
We spent months putting together this training presentation on cybersecurity awareness. We then presented it multiple times and continued modifying the presentation based on feedback from attendees as well as feedback from those in the information security community. We are now releasing this in the hope it is a call to action for others in their communities.
The slides are available for download on our website. Download it and please present it in your own communities, e.g. at your local library, business events, co-working spaces, schools, etc. We also have a free cybersecurity quiz available on the site that is also based on the material.
Download the latest version as a Microsoft PowerPoint presentation (.pptx) or 'Make a Copy' in Google Slides.
https://www.treetopsecurity.com/slides
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
I developed "Cyber Security 101: Training, awareness, strategies for small to medium sized business" for the second annual Small Business Summit on Security, Privacy, and Trust, co-hosted by ADP in New Jersey, October 2013.
Small Business Guide to Information Security Leo Welder
http://www.choosewhat.com/ (ChooseWhat.com) brings small business owners and entrepreneurs a Step-By-Step Guide to Keeping Your Sensitive Information Secure. Embed this on your own blog, share it with your social network or let us know if we can help!
Information Security Awareness
Tips to improve infosec awareness in any organization
To learn more visit http://www.SnapComms.com/solutions/employee-security-awareness
14 tips to increase cybersecurity awarenessMichel Bitter
We used this presentation within our company to increase the cybersecurity awareness of our employees. These 14 tips should help everybody to protect themselves against the most obvious cyber attacks.
Awareness Training on Information SecurityKen Holmes
We look at the potential risks to information security, how to minimise these when on the internet and how the ISO/IEC 27001 standard can play a part in doing so.
Cyber Security Presentation "It Will Never Happen To Me" Simon Salter
This presentation is designed to give an insight into cyber risk.
The importance of protecting your data has never been more significant. Every week the media features stories of companies suffering data breeches leading to financial difficulties and unhappy customers.
Cyber Security Awareness introduction. Why is Cyber Security important? What do I have to do to protect me from Cyber attacks? How to create a IT Security Awareness Plan ?
Cybersecurity Awareness Training Presentation v1.0DallasHaselhorst
Note: There is an updated version of this slide deck available on SlideShare at
https://www.slideshare.net/DallasHaselhorst/cybersecurity-awareness-training-presentation-v11
--
Do you want an cybersecurity awareness training you can present at *your* business or in *your* community? Awesome!
We spent months putting together this training presentation on cybersecurity awareness. We then presented it multiple times and continued modifying the presentation based on feedback from attendees as well as feedback from those in the information security community. We are now releasing this in the hope it is a call to action for others in their communities.
The slides are available for download on our website. Download it and please present it in your own communities, e.g. at your local library, business events, co-working spaces, schools, etc. We also have a free cybersecurity quiz available on the site that is also based on the material.
Download the latest version as a Microsoft PowerPoint presentation (.pptx) or 'Make a Copy' in Google Slides.
https://www.treetopsecurity.com/slides
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
I developed "Cyber Security 101: Training, awareness, strategies for small to medium sized business" for the second annual Small Business Summit on Security, Privacy, and Trust, co-hosted by ADP in New Jersey, October 2013.
Small Business Guide to Information Security Leo Welder
http://www.choosewhat.com/ (ChooseWhat.com) brings small business owners and entrepreneurs a Step-By-Step Guide to Keeping Your Sensitive Information Secure. Embed this on your own blog, share it with your social network or let us know if we can help!
Ieee projects 2012 2013 - Mobile ComputingK Sundaresh Ka
ieee projects download, base paper for ieee projects, ieee projects list, ieee projects titles, ieee projects for cse, ieee projects on networking,ieee projects 2012, ieee projects 2013, final year project, computer science final year projects, final year projects for information technology, ieee final year projects, final year students projects, students projects in java, students projects download, students projects in java with source code, students projects architecture, free ieee papers
Content Marketing: Wie kann Ihr Business davon profitieren?Martin Bredl
Content Marketing ist wesentlich effizienter als traditionelles Marketing. Mit nützlichen Inhalten können Sie Ihre Zielgruppe erreichen bzw. Ihre Zielgruppe findet Sie über Google. Leads generieren Sie mit Landingpages und wenn Sie anschließend diese Leads gut pflegen ist eine hohe Kaufabschlußrate garantiert
"Cybercriminals are more aggressive and technically proficient - they are professional, industrialized with well-defined organizational structures" "It’s now more than ever IT security professionals, businesses, agencies, and authorities need to collaborate and function as a unified force, exchanging resources, information, and intelligence to reduce the threat of Cybercriminal activities."
BIZGrowth Strategies — Cybersecurity Special Edition 2023CBIZ, Inc.
As cybercriminals continue to advance and evolve, a stagnant cyber risk management approach is simply not an option. Further, the prevalence of cyber breaches means cybersecurity is not solely an IT concern. It takes a robust set of processes and people from across your organization, working together toward a common goal. We offer fresh insights to help protect your organization from cyberthreats in multiple operational areas. Articles include:
- How Cybercriminals Are Weaponizing Artificial Intelligence
- Employee Benefits Cyber Risk Exposure Scorecard
- Closing the Security Gap: Managing Vendor Cyber Risk
- Retirement Plan Sponsor Cybersecurity Checklist
- Protect Your Digital Frontline With Employee Training
Businesses of all sizes are targeted by hackers to gain access to proprietary and customer data, threatening your ability to operate or even remain open for business.
Learn how to protect your business from threats and position it for growth.
Long-term care financial professionals need to be aware of two major technology trends in the healthcare industry: business intelligence and data security.
Keep Up with the Demands of IT Security on a Nonprofit BudgetBVU
The technical requirements facing nonprofits are challenging and complex due to budgetary constraints, and the demands for secure and reliable access to data regulators, clients, donors, and board members. We will explore different tools non-profits can leverage for better IT security practices that won't break your IT budget, including cloud based anti-virus solutions, Intrusion Detection and Prevention Systems, and data backup in the cloud. Additionally, you will learn how tools built within Office 365 (available for free to qualified nonprofits from Microsoft), such as Email Encryption and Mobile Device Management, enable non-profits to operate more efficiently and securely.
Netwealth educational webinar: Peace of mind in a digital worldnetwealthInvest
According to the latest research from cyber security firm, Kamino, 45% of financial advisers had experienced a cyber incident last year.
Julian Plummer, founder of Kamino, delves into why cyber security is a very real issue for financial advisers and their clients, and the types of cyber incidents that are impacting the financial planning industry. He also provides easy to implement measures to help you improve the cyber security of your practice.
Often when organizations are expanding rapidly, they do not give sufficient and necessary focus on information security aspects and guidelines, specifically IP protection.
Cybersecurity- What Retailers Need To KnowShantam Goel
The retail industry is favorite among cyber-attackers due to a large number of payment transactions on a regular basis. Protect your retail business from cyber-attacks. Cybersecurity is a major concern for retailers that need to be advanced with time.
This is a presentation I gave for the UQ Business School (in conjunction with Stan Gallo of KPMG) at the Urbane Restaurant to a group of Queensland CEO/C-Suite people. These dinners are part of UQ's engagement with the business community - a relationship we value. This engagement ensures we don't get all locked up in our ivory tower.
Symantec Data Loss Prevention. Las tendencias mundiales nos muestran que el mayor porcentaje de perdida y robo de datos responde a la falta de visibilidad y el error en el manejo de los mismos. Conozca como prevenirse.
Proven Practices to Protect Critical Data - DarkReading VTS DeckNetIQ
NetIQ was a Platinum sponsor for “Plugging the Leaks: Finding and Fixing the IT Security Holes in Your Enterprise,” a virtual trade show (VTS) produced by Information Week Magazine and Dark Reading.
This was our presentation deck: "Proven Practices to Protect Critical Data" presented by Matt Mosley, Senior Product Manager, and Matt Ulery, Director of Product Management during a live presentation. They explored some of the most significant problems facing security teams tasked with protecting critical data. And, they will reveal some of the most effective approaches and technology that can be used to quickly identify real threats.
Similar to Information security for small business (20)
2010 National BDPA Technology Conference Presentation
Date: Aug 2010
Topic: Mastering linkedIn Advanced Techniques and Insider Secrets BDPA National Presentation
Presenter: Keith Warwick
Tittle: Professional Development Toolkit
Date: 4/5/2010
BY: National VP of Business Management/President Elect Monique Berry.
This tool can be used to plan or map out steps/actions toward career development.
This document will also be uploaded and available in the BDPA Portal. Thank you to Monique for providing this.
June 10, 2010 BDPA Charlotte Program Meeting Presentation.
Presenter:
Markus Beamer, BDPA Charlotte President Elect
Topic:
Intelligent Data Strategies - Intro to Data Marts and Data Warehouses
February 10, 2011 BDPA Charlotte Program meeting.
Presented by:
Karen D. Hill, RHIA
Recruitment/Placement Specialist
ONC HIT Grant
Health Sciences Division
Central Piedmont Community College
Health Information Technology Workforce Development Program
Central Piedmont Community College
The BDPA is the premier organization for African Americans in the Information Technology field.
Become a powerful voice in the Information Technology industry that represents the interests of our members and community.
"...Advancing Careers From The Classroom To The Boardroom"
More from BDPA Charlotte - Information Technology Thought Leaders (10)
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
4. Microsoft Certified System Engineer (MSCE).Julius Clark Sr. Location: Charlotte, NC Current home, been residing in Charlotte, NC for over 10 years Hometown Boston, Ma Profession Information Security Professional. 2
30. What Is Information Security? Confidentiality Concept of protecting information from improper disclosure and protecting the secrecy and privacy of sensitive data so that the intellectual property and reputation of an organization is not damaged and that data related to individuals is not released in violation of regulations or the privacy policy of the organization. - From the CISSP® CBK® 12
31. What Is Information Security? Integrity Addresses two objects, which are protecting data and processes from improper modification, and ensuring the operations of the information is reliable and performing as expected. - From the CISSP® CBK® 13
32. What Is Information Security? Availability The concept of ensuring that the systems and data can be accessed when required. Availability is impacted by human error, cabling problems, software bug, hardware failures, loss of skilled staff, malicious code, and the many other threats that can render a system un-usable or unreliable. - From the CISSP® CBK®: 14
37. Components of Information Security Architecture People People are the weakest link of a business’ process. You all know why! 17
38. Components of Information Security Architecture Processes The operational aspects of small business. Safeguards can be automated or manual. 18
39. Components of Information Security Architecture Technology All of the tools, applications, software, and infrastructure that allows a business process to work and perform efficiently. Thus as a business owner you must ensure that you have adequate logical controls in place to help you stay on track with your business’ mission or purpose. 19
54. Cyber Crime Statistics! Insider threats are responsible for over 80% of small business issues. There are over 70,000 active viruses ; and exponentially growing Information Security threats can damage or destroy small business 33% of businesses with 100 employees or less had a computer incident Source: NIST 24
55. Cyber Crime Statistics! Small Business Cyber Crime Report 42 % of businesses had a Laptop theft 44% of businesses suffered from Insider Abuse 21% of businesses reported Denial of Service 50% of businesses detected a viruses 20% of business systems became a “Bot” Source: Computer Security Institute Survey 25
56. Cyber Crime Statistics! Reported Data Breaches 2007 - there were 445 data breaches reported 2008 – there were 656 data breaches reported 2009 – approx. 392 data breaches reported. Source: October 9, 2009 USAToday 26
60. Business Continuity & Disaster Recovery Planning NIST IT Security Fundamentals For Small Business Contingency and Disaster Recover planning considerations What happens if there is a disaster (flood, fire, tornado, etc) or a contingency (power outage, sewer backup, accidental sprinkler activation, etc)? Do you have a plan for restoring business operations during or after a disaster or a contingency? Since we all experience power outages or brownouts from time to time, do you have Uninterruptible Power Supplies (UPS) on each of your computers and critical network components? They allow you to work through short power outages and to save your data when the electricity goes off. Conduct an inventory of all information used in running your business. Do you know where each type of information is located (on which computer or server)? Have you prioritized your business information so that you know which type of information is most critical to the operation of your business – and, therefore, which type of information must be restored first in order to run your most critical operations? If you have never (or not recently) done a full inventory of your important business information, now is the time. For a small business, this shouldn’t take longer than a few hours. For a larger business, this might take from a day to a week or so. While you are doing this inventory, ensure that the information is prioritized relative to importance for the entire business, not necessarily for a single part of the business. When you have your prioritized information inventory (on an electronic spreadsheet), add three columns to address the kind of protection that each type of information needs. Some information will need protection for confidentiality, some for integrity, and some for availability. 30
66. As you read/research your trade/professional publications, take note of the data security issues covered in these publications. Ask yourself “Is my business vulnerable to something like this? If so, what have others done that I could copy to protect my business?”
67. As you network with your peers, talk cyber security issues. Give and get advice, hints, tips, etc.
68. Make every effort to stay in touch with and on top of every threat or incident that does or could affect your business.
69. Join InfraGard to get critical information about current threats in your local area (and to act as eyes and ears to help protect our nation!).
77. Control who has access to your systems and networks, this includes cleaning crews. No one should be able to walk into your office space without being challenged by an employee.
81. Do not allow a single individual to both initiate and approve a transaction (financial or otherwise).39
82. Safeguarding Critical Assets Processes The operational aspects of small business; needs checks and balances aka controls. 40
83.
84. Backups can be done inexpensively if copied to another hard drive that can hold 52 weeks of backups; 500GB should be sufficient for most businesses.
119. Some will relate to expected employee practices for using business resources, such as telephones, computers, printers, fax machines, and Internet access.
120. Legal and regulatory requirements may also require certain policies to be put in place and enforced.
121.
122. Policies should be communicated clearly to each employee and all employees should sign a statement agreeing that they have read the policies, that they will follow the policies, and that they understand the possible penalties for violating those policies.
123. This will help management to hold employees accountable for violation of the businesses policies.
124.
125. Highly Recommended IT Security Practices!Business Policies Should Be In Place Security concerns about popup windows and other hacker tricks. When connected to and using the Internet, do not respond to popup windows requesting that you to click “ok” for anything. If a window pops up on your screen informing you that you have a virus or spyware and suggesting that you download an antivirus or antispyware program to take care of it, close the popup window by selecting the X in the upper right corner of the popup window. Hackers are known to scatter infected USB drives with provocative labels in public places where their target business’s employees hang out, knowing that curious individuals will pick them up and take them back to their office system to “see what’s on them.” What is on them is generally malicious code which installs a spy program or remote control program on the computer. Teach your employees to not bring USB drives into the office and plug them into your business computers (or take them home and plug into their home systems). It is a good idea to disable the “AutoRun” feature for the USB ports on your business computers to help prevent such malicious programs from running. 50
126. Highly Recommended IT Security Practices!Business Policies Should Be In Place Security considerations for web surfing. No one should surf the web using a user account which has administrative privileges. It is best to set up a special account with “guest” (limited) privileges to avoid this vulnerability. Issues in downloading software from the Internet. Do not download software from any unknown web page. Only those web pages belonging to businesses with which you have a trusted business relationship should be considered reasonably safe for downloading software. Such trusted sites would include the Microsoft Update web page where you would get patches and updates for various versions of the Windows operating system and Microsoft Office or other similar software. Most other web pages should be viewed with suspicion. Be very careful if you decide to use freeware or shareware from a source on the web. Most of these do not come with technical support and some are deliberately crippled so that you do not have the full functionality you might be led to believe will be provided. 51
127. Highly Recommended IT Security Practices!Business Policies Should Be In Place Doing online business or banking more securely. Online business/commerce/banking should only be done using a secure browser connection. This will normally be indicated by a small lock visible in the lower right corner of your web browser window. After any online commerce or banking session, erase your web browser cache, temporary internet files, cookies, and history so that if your system is compromised, that information will not be on your system to be stolen by the individual hacker or malware program. Recommended personnel practices in hiring employees. When hiring new employees, conduct a comprehensive background check before making a job offer. Ensure that you do criminal background checks on all prospective new employees. If possible, it is a good idea to do a credit check on prospective employees. This is especially true if they will be handling your business funds. Do your homework – call their references and former employers. Note: It is also an excellent idea for you the business owner to do a background check of yourself. Many people become aware that they are victims of identity theft only after they do a background check on themselves and find arrest records and unusual previous addresses where they never lived. 52
128. Highly Recommended IT Security Practices!Business Policies Should Be In Place How to protect against Social Engineering. Social engineering is a personal or electronic attempt to obtain unauthorized information or access to systems/facilities or sensitive areas by manipulating people. The social engineer researches the organization to learn names, titles, responsibilities, and publically available personal identification information. Then the social engineer usually calls the organization’s receptionist or help desk with a believable, but made-up story designed to convince the person that the social engineer is someone in, or associated with, the organization and needs information or system access which the organization’s employee can provide and will feel obligated to provide. Train employees to protect against social engineering techniques, employees must be taught to be helpful, but vigilant when someone calls in for help and asks for information or special system access. The employee must first authenticate the caller by asking for identification information that only the person who is in or associated with the organization would know. If the individual is not able to provide such information, then the employee should politely, but firmly refuse to provide what has been requested by the social engineer. The employee should then notify management of the attempt to obtain information or system access. 53
129. How to dispose of old computers and media. When disposing of old business computers, remove the hard disks and destroy them. The destruction can be done by taking apart the disk and beating the hard disk platters with a hammer. It is very common for small businesses to discard old computers and media without destroying the computers’ hard disks or the media. Sensitive business and personal information is regularly found on computers purchased on Ebay, thrift shops, Goodwill, etc, much to the embarrassment of the small businesses involved (and much to the annoyance of customers or employees whose sensitive data is compromised). Consider Using Full Disk Encryption if you handle sensitive data and information. 54 Highly Recommended IT Security Practices! NIST IT Security Fundamentals For Small Business
130. Information Security Resources for Small Business Small Business Information Security : The Fundamentals (Security Guide for Small Business) http://csrc.nist.gov/publications/drafts/ir-7621/draft-nistir-7621.pdf Small Business Center Documents http://csrc.nist.gov/groups/SMA/sbc/library.html InfraGard – FBI Sponsored Cyber Security Program http://www.infragard.net Protecting Personal information www.ftc.gov/infosecurity Computer Security Training, Network Research & Resources www.SANS.org On Guard Online - Protect Your Personal Information http://www.onguardonline.gov/ 55
134. References 57 Surviving Security—How to Integrate People, Process and Technology, 2nd Edition http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=27320&TEMPLATE=/ContentManagement/ContentDisplay.cfmIntroduction to the Business Model for Information Security , 2009 ISACAhttp://www.isaca.orgSmall Business Information Security : The Fundamentals (Security Guide for Small Business)http://www.nist.gov/cgi-bin//get_pdf.cgi?pub_id=903080 Small Business Center Documentshttp://csrc.nist.gov/groups/SMA/sbc/library.htmlInterHack,- Information Security: Friend or Foe, 2002http://web.interhack.com/publications/whatis-security.pdf
135. 58 Contact Information Julius Clark Email: Julius.Clark.Sr@gmail.com Tel: 704-953-379 Blog: www.clarkthoughtleadership.blogspot.com