Net at Work, profile picture
Uploaded byNet at Work
162 views

Information Security Risks - What You Can Do To Help Your Clients Avoid Costly Mistakes

This webinar discussed cybersecurity best practices for small businesses. It covered current types of attacks like malware, denial of service, and ransomware. The presenters recommended best practices including regular backups, managing technical vulnerabilities, security awareness training, having an incident response plan, effective communication and testing of the plan, and security monitoring. They argued that managed IT services can help businesses implement these practices and mitigate security risks in a cost-effective way. The webinar provided resources for attendees and took questions at the end.

Embed presentation

Download to read offline
Live Webinar: Webinar Audio: You can dial the telephone numbers located on your webinar panel. Or listen in using your headphones or computer speakers. Welcome!
“60% of companies that lose their data will shut down within 6 months of the disaster.” - Gartner Data Loss Can Cost Your Business
Webinar Details • Presentation is roughly 30 minutes • All phone lines are muted • If anyone has any questions during this webinar – please type them in your Questions Box located at the bottom of your webinar panel
Today’s Agenda 1. Introductions 2. Current Types of Attacks 3. Recommended Best Practices 4. What Can You Do For Your Clients? 5. Resources 6. Question and Answer
Today’s Presenters Igal Rabinovich Director of Partner Success Net@Work John Verry Security Consultant Pivot Point Security Steve Moisoff Senior Cloud & Managed Service Solutions Executive Net@Work Pete Thompsen Senior IT Solutions Architect Net@Work
180+ Business Technology Architects and Consultants IT Road Mapping & Strategic Planning Business Process Review Ecosystem BI, Analytics & Reporting Cloud & IT Managed Services ERP/ Accounting Web Development & e-Commerce Sister Company Payment Processing SWYPE Sister Company CRM & Marketing Automation HRMS/ Employer Solutions Document Management Compliance Solutions: Sales Tax | Fixed Assets Managed Print Services Sister Company
We build stronger & more resilient people & companies as a trusted partner by effectively managing information security risk About Our Guest Governance, Risk & Compliance Third Party Risk Management Business Continuity Management Application Security Security Awareness Education Assessments & Audits Penetration Testing & Phishing vCISO Network Security Incident Response
Malware is software that is intended to damage or disable computers and computer systems. Denial of Service is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid. Other Physical Network/System Application Phishing Vishing Spear Phishing Whaling Current Types of Attacks
Recommended Best Practices - 6 Keys to Avoid a Breach - Leverage Managed Services
Keep back-up drives disconnected (offline) Malware is able to transit connected drives Utilize versions Communicate with IT the importance of files and how you need to access them Key #1: Backups
Make sure all local controls (anti-spam, firewall, anti-malware, etc.) are up to date Leverage browser add-ons to improve your security Minimize the admin level clearance throughout the organization Consider disabling non-critical services Implement gateway controls Patch/Configuration Management Key #2: Management of Technical Vulnerabilities
Security Awareness Education What should you do if…? Does your cyber liability insurance have any requirements you need to account for? Key #3: Educate Your Team
A good Incident Response Plan will have four fundamental parts 1. Detection: assess & triage 2. Analysis: what's the impact? 3. Recovery: contain, eradicate, repeat 4. Post Incident: prevention Key #4: Have a Plan
The 7x Rule • If someone hasn’t heard at least 7 times, THEY DON’T KNOW IT! • Training, emails, meetings, etc. Testing the plan • Basic walkthroughs – make sure to test incident response in different scenarios (weekends, off hours, when certain people are unreachable) • Phishing tests Are people ready and willing to admit their mistakes? Key #5: Communicate and Test Your Plan
Security Information Event Management – “Event logs recording user activities, exceptions, faults and information security events should be produced, kept and regularly reviewed.” Logs are the key to: • Early detection of security events = less business impact o Average time to detection is ~ 4 months • The ability to effectively analyze, contain, and eliminate the event before it escalates to an incident • The option (in conjunction with your Incident Response Plan) to prosecute • An increasing awareness of your adversary: • Know how hackers find and recon you • Gain insight into potential vulnerabilities early and often • Continually improve so there are “lower fences to climb” Key #6: Security Monitoring
“More than 90% of security events result from targeted exploits to known vulnerabilities in software where patches have been made available but have not yet been applied.” - Gartner Take Basic Precautions
Today SMB IT Managers Cannot Manage Their Diversity of Issues.
Managed Services is the practice of transferring day-to-day management responsibility and risk as a strategic method for improved effective and efficient operations. ✓ Ongoing administration, patches & security updates ✓ Ensure Back Ups & Disaster Recovery plans follow best practices ✓ Alliance Partner & NAW address ongoing strategic technology challenges & business planning ✓ Supporting complexity & diversity of ever changing products ✓ Ensuring Business Applications availability 24*7*365 from anywhere ✓ Supporting demanding end users multiple devices & locations ✓ Maintaining “living” documentation ✓ Continuous Staffing & training costs Managed Services Defined
Better Security Resilient Data Centers Can reach your applications • anywhere • anytime • from any browser No new capital costs for hardware Can create new servers within minutes Unlimited Storage Multiple internet providers High Availability of Services Why Move Services to the Cloud?
Security Enhancements Each Server is protected by AV Endpoint Protection (included) All Server’s a monitored and managed 24x7x365 (included) Multiple Tier 3 Data Centers SAS70 & SSAE 16 Independent Audit Certification Data Encryption – Data is encrypted in flight and at rest. All SANS have SED’s (Self Encrypting Drives) Compliance: HIPAA, PCI, Sarbanes-Oxley Cisco Routers and Firewalls with encryption- 256k Performance Enhancements Virtual Servers are running current Windows OS on a highly available VMware cluster Multiple chassis of blade servers clustered together throughout the datacenter All production storage is solid state disk Multi controller SAN’s clustered as a highly available system Networking infrastructure interconnects are 10GigE or better Each client is configured, by default, for 15 day (daily) backups (stored externally of the hosting datacenter infrastructure) Cloud Architecture Risk
What if Your Clients Could Mitigate Their IT Risk & Manage Their IT Environment 24 x 7 For $7.00/Hour?
What Can You Do for Your Clients?
Ask The Right Questions • What are we doing to mitigate our risk and protect our data? • Do we have a good backup? From when? How do we know? • How do we educate our staff to newly identified attacks? Who is responsible? • How do we mitigate the risk to us and our clients if an event does occur? • Do we have a documented disaster recovery plan? Has it been tested?
Resources 10 Tips to Avoid a Phishing Attack Whitepaper: Operational Testing of your Disaster Recovery Plan Free Email Threat Scan Free Web Application Vulnerability Scan
Please type in your questions Any Questions?
Thank You For Attending Igal Rabinovich | Net@Work Director of Partner Success Phone: 212.997.5200 Ext. 1747 Direct: 646.293.1747 irabinovich@netatwork.com www.netatwork.com/alliance Connect with 800-719-3307 www.netatwork.com netatwork.com/blog Net@Work YouTube Follow us on Twitter: @netatwork_corp Follow Net@Work on LinkedIn Follow Net@Work on Google+ Follow Net@Work on Facebook Contact your Net@Work Account Manager for any questions or concerns. Or you can reach out to us via the information below! Steve Moisoff | Net@Work Account Executive Phone: 212.997.5200 Ext. 1735 Direct: 646.293.1735 smoisoff@netatwork.com www.netatwork.com

More Related Content

PDF
D92-198gstindspdx
byThinkful
 
PDF
Putting data science in your business a first utility feedback
byPeculium Crypto
 
PPTX
Intel boubker el mouttahid
byBigDataExpo
 
PDF
H2O World - What you need before doing predictive analysis - Keen.io
bySri Ambati
 
PDF
The Big Data Dream Team
byAccenture Analytics
 
PPTX
Into the Big Data Future with Watson Analytics
byIBM Innovation Center Silicon Valley
 
PDF
Getstarteddssd12717sd
byThinkful
 
PDF
Data Loss Prevention in SharePoint 2016 Webinar with Crow Canyon
byVlad Catrinescu
 
D92-198gstindspdx
byThinkful
 
Putting data science in your business a first utility feedback
byPeculium Crypto
 
Intel boubker el mouttahid
byBigDataExpo
 
H2O World - What you need before doing predictive analysis - Keen.io
bySri Ambati
 
The Big Data Dream Team
byAccenture Analytics
 
Into the Big Data Future with Watson Analytics
byIBM Innovation Center Silicon Valley
 
Getstarteddssd12717sd
byThinkful
 
Data Loss Prevention in SharePoint 2016 Webinar with Crow Canyon
byVlad Catrinescu
 

What's hot

PPT
Footprintig(Haching)
byAsif Iqbal
 
PDF
Building Data Science Teams
byEMC
 
PDF
H2O World - Advanced Analytics at Macys.com - Daqing Zhao
bySri Ambati
 
PPTX
Building Data Science Teams: A Moneyball Approach
byjoshwills
 
PDF
H2O World - Machine Learning for non-data scientists
bySri Ambati
 
PDF
Best Practices for Big Data Analytics with Machine Learning by Datameer
byDatameer
 
PDF
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
bycentralohioissa
 
PDF
Data Science Salon: Quit Wasting Time – Case Studies in Production Machine Le...
byFormulatedby
 
PPTX
New professional careers in data
byDavid Rostcheck
 
PDF
10 Rules for Vendors - an Overview
byGary Hayslip CISSP, CISA, CRISC, CCSK
 
PDF
Data science team, a practice to setup
byOmid Mogharian
 
PDF
Five Pitfalls when Operationalizing Data Science and a Strategy for Success
byVMware Tanzu
 
PDF
Back to Square One: Building a Data Science Team from Scratch
byKlaas Bosteels
 
PDF
Architecting a Data Platform For Enterprise Use (Strata NY 2018)
bymark madsen
 
PDF
Software Analytics for Pragmatists [DevOps Camp 2017]
byMarkus Harrer
 
PDF
Operationalizing Data Science: The Right Architecture and Tools
byVMware Tanzu
 
PDF
Data Science Applications | Data Science For Beginners | Data Science Trainin...
byEdureka!
 
PDF
Robert Brooks, PwC
byCSSaunders
 
PDF
What Managers Need to Know about Data Science
byAnnie Flippo
 
PDF
Machine Learning: What Assurance Professionals Need to Know
byAndrew Clark
 
Footprintig(Haching)
byAsif Iqbal
 
Building Data Science Teams
byEMC
 
H2O World - Advanced Analytics at Macys.com - Daqing Zhao
bySri Ambati
 
Building Data Science Teams: A Moneyball Approach
byjoshwills
 
H2O World - Machine Learning for non-data scientists
bySri Ambati
 
Best Practices for Big Data Analytics with Machine Learning by Datameer
byDatameer
 
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
bycentralohioissa
 
Data Science Salon: Quit Wasting Time – Case Studies in Production Machine Le...
byFormulatedby
 
New professional careers in data
byDavid Rostcheck
 
10 Rules for Vendors - an Overview
byGary Hayslip CISSP, CISA, CRISC, CCSK
 
Data science team, a practice to setup
byOmid Mogharian
 
Five Pitfalls when Operationalizing Data Science and a Strategy for Success
byVMware Tanzu
 
Back to Square One: Building a Data Science Team from Scratch
byKlaas Bosteels
 
Architecting a Data Platform For Enterprise Use (Strata NY 2018)
bymark madsen
 
Software Analytics for Pragmatists [DevOps Camp 2017]
byMarkus Harrer
 
Operationalizing Data Science: The Right Architecture and Tools
byVMware Tanzu
 
Data Science Applications | Data Science For Beginners | Data Science Trainin...
byEdureka!
 
Robert Brooks, PwC
byCSSaunders
 
What Managers Need to Know about Data Science
byAnnie Flippo
 
Machine Learning: What Assurance Professionals Need to Know
byAndrew Clark
 

Similar to Information Security Risks - What You Can Do To Help Your Clients Avoid Costly Mistakes

PPTX
CyberCare Pro - Cybersecurity for SME's updated.pptx
bymargueritemcleod1
 
PPTX
Cybersecurity pres 05-19-final
byVivek Ahuja
 
PPTX
Protecting Your Business - All Covered Security Services
byAll Covered
 
PPTX
Cyber Security Overview for Small Businesses
byCharles Cline
 
PDF
Today's Cyber Challenges: Methodology to Secure Your Business
byJoAnna Cheshire
 
PPTX
Assessing Your security
byLegal Services National Technology Assistance Project (LSNTAP)
 
PPTX
Cybersecurity: Definition, Importance, and Best Practices.pptx
byCloudavize
 
PPTX
Too Small to Get Hacked? Think Again (Webinar)
byOnRamp
 
PDF
Data security best practices for risk awareness and mitigation
byNick Chandi
 
PPTX
nist_small_business_fundamentals_july_2019 (2).pptx
bylblgofgwsnqoeqquvy
 
PDF
Seattle Tech4Good meetup: Data Security and Privacy
bySabra Goldick
 
PPTX
nist_small_business_fundamentals_july_2019.pptx
byJkYt1
 
PPT
Guard Era Security Overview Preso (Draft)
byGuardEra Access Solutions, Inc.
 
PPTX
Cybersecurity - Keeping Your Business Protected
byRobert E Jones
 
PDF
Cyber Security
bybethpatrick
 
PPTX
Be More Secure than your Competition: MePush Cyber Security for Small Business
byArt Ocain
 
PPTX
Privacies are Coming
byErnest Staats
 
PDF
Measures to Avoid Cyber-attacks
bySkillmine Technology Consulting
 
PDF
Measure To Avoid Cyber Attacks
bySkillmine Technology Consulting
 
PPTX
Colorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptx
byAkramAlqadasi1
 
CyberCare Pro - Cybersecurity for SME's updated.pptx
bymargueritemcleod1
 
Cybersecurity pres 05-19-final
byVivek Ahuja
 
Protecting Your Business - All Covered Security Services
byAll Covered
 
Cyber Security Overview for Small Businesses
byCharles Cline
 
Today's Cyber Challenges: Methodology to Secure Your Business
byJoAnna Cheshire
 
Assessing Your security
byLegal Services National Technology Assistance Project (LSNTAP)
 
Cybersecurity: Definition, Importance, and Best Practices.pptx
byCloudavize
 
Too Small to Get Hacked? Think Again (Webinar)
byOnRamp
 
Data security best practices for risk awareness and mitigation
byNick Chandi
 
nist_small_business_fundamentals_july_2019 (2).pptx
bylblgofgwsnqoeqquvy
 
Seattle Tech4Good meetup: Data Security and Privacy
bySabra Goldick
 
nist_small_business_fundamentals_july_2019.pptx
byJkYt1
 
Guard Era Security Overview Preso (Draft)
byGuardEra Access Solutions, Inc.
 
Cybersecurity - Keeping Your Business Protected
byRobert E Jones
 
Cyber Security
bybethpatrick
 
Be More Secure than your Competition: MePush Cyber Security for Small Business
byArt Ocain
 
Privacies are Coming
byErnest Staats
 
Measures to Avoid Cyber-attacks
bySkillmine Technology Consulting
 
Measure To Avoid Cyber Attacks
bySkillmine Technology Consulting
 
Colorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptx
byAkramAlqadasi1
 

More from Net at Work

PDF
Sage HRMS Configuration and Business Response and HR Planning
byNet at Work
 
PDF
Employer Update & Getting Business Back on Track
byNet at Work
 
PDF
Tips on the IRS & DOL Employer Tax Credits & Loans
byNet at Work
 
PDF
Sage 100: Enabling Your Team to Work Remotely with the Impact from COVID-19 &...
byNet at Work
 
PDF
The New Remote Workforce & The Case for Hosting Your Sage Solution in the Cloud
byNet at Work
 
PDF
MIP Webinar: Working Remotely with the Impact of COVID-19 & Planning for FFCRA
byNet at Work
 
PDF
Managing Through COVID-19
byNet at Work
 
PPTX
Tax Compliance in the Wake of COVID-19 What’s Changed
byNet at Work
 
PDF
Fixed Assets are Suddenly Mobile “At Home” Assets
byNet at Work
 
PPTX
Sage 300 Webinar: Enabling Your Team to Work Remotely with the Impact from CO...
byNet at Work
 
PDF
Coping with Covid-19: Keeping the Workplace Moving
byNet at Work
 
PDF
How Engaged Employees Affect the Bottom Line
byNet at Work
 
PDF
Endpoint Security & Why It Matters!
byNet at Work
 
PDF
Transformative HR Technology For Nonprofits
byNet at Work
 
PDF
Document Capture: Never Touch a Document Again
byNet at Work
 
PDF
Benefits of Abila MIP Payroll
byNet at Work
 
PDF
Sage Intelligence for Sage 100
byNet at Work
 
PDF
How the IRS 2019 Form W-4 Will Change Payroll
byNet at Work
 
PDF
Cloud-based Payroll Outsourcing: Why The Shift?
byNet at Work
 
PDF
Digital Marketing Automation Built for Microsoft Dynamics 365
byNet at Work
 
Sage HRMS Configuration and Business Response and HR Planning
byNet at Work
 
Employer Update & Getting Business Back on Track
byNet at Work
 
Tips on the IRS & DOL Employer Tax Credits & Loans
byNet at Work
 
Sage 100: Enabling Your Team to Work Remotely with the Impact from COVID-19 &...
byNet at Work
 
The New Remote Workforce & The Case for Hosting Your Sage Solution in the Cloud
byNet at Work
 
MIP Webinar: Working Remotely with the Impact of COVID-19 & Planning for FFCRA
byNet at Work
 
Managing Through COVID-19
byNet at Work
 
Tax Compliance in the Wake of COVID-19 What’s Changed
byNet at Work
 
Fixed Assets are Suddenly Mobile “At Home” Assets
byNet at Work
 
Sage 300 Webinar: Enabling Your Team to Work Remotely with the Impact from CO...
byNet at Work
 
Coping with Covid-19: Keeping the Workplace Moving
byNet at Work
 
How Engaged Employees Affect the Bottom Line
byNet at Work
 
Endpoint Security & Why It Matters!
byNet at Work
 
Transformative HR Technology For Nonprofits
byNet at Work
 
Document Capture: Never Touch a Document Again
byNet at Work
 
Benefits of Abila MIP Payroll
byNet at Work
 
Sage Intelligence for Sage 100
byNet at Work
 
How the IRS 2019 Form W-4 Will Change Payroll
byNet at Work
 
Cloud-based Payroll Outsourcing: Why The Shift?
byNet at Work
 
Digital Marketing Automation Built for Microsoft Dynamics 365
byNet at Work
 

Recently uploaded

PDF
Massage Booking App Development Company
byV3CUBE TECHNOLABS
 
PPTX
Recent Data Breaches in Cyber World.pptx
byyoshuaImmanuel1
 
PDF
Attendance Dashboard – Time & Attendance Analytics
byHajir Pro
 
PDF
The Growing Impact of Blockchain and Web3 on Digital Ownership With Paul Inou...
byPaul Inouye
 
PDF
Physiotherapist App Development for Modern Rehabilitation
byV3CUBE TECHNOLABS
 
PPTX
Salesforce Spring '26 Release presentation - Melbourne Salesforce User Group
byAnne N
 
PDF
Why I Volunteer at FOSDEM and You Should Too
byImma Valls Bernaus
 
PDF
Build a Scalable On-Demand Courier Service App
byV3CUBE TECHNOLABS
 
PDF
Monitoring your MySQL Server's Health Trends
byIgor Donchovski
 
PDF
Animated Safety Induction: A Smarter Way to Onboard for Workplace Safety
byTECH EHS Solution
 
PDF
Project Tracking in Software Project Management
bySahanaBarveen1
 
PDF
apidays Australia 2025 | Orchestrator vs. Choreography
byapidays
 
PPTX
Best Digital Marketing Company in Lucknow
bydigitallearning9277
 
PDF
apidays Amsterdam 2025 | Making AI work for you as an API Product Manager
byapidays
 
PDF
software architecture for busy developers
byMuhammadAwaisQaisran
 
PPTX
BUSY Software Business Management Solution.pptx
byMoving Cloud
 
PDF
Windows Server 2025 Administration Fundamentals 4ED
byraynasolomon136
 
PDF
Azure DevOps Services: Complete Guide to DevOps Tools, Automation & End-to-En...
byjohncarterjn
 
PDF
2026 Safety Roadmap: Systems, Skills, and Scale for EHS Leaders
byTECH EHS Solution
 
PDF
Water Delivery App Development Solutions.pdf
byeSiteWorld TechnoLabs Pvt. Ltd.
 
Massage Booking App Development Company
byV3CUBE TECHNOLABS
 
Recent Data Breaches in Cyber World.pptx
byyoshuaImmanuel1
 
Attendance Dashboard – Time & Attendance Analytics
byHajir Pro
 
The Growing Impact of Blockchain and Web3 on Digital Ownership With Paul Inou...
byPaul Inouye
 
Physiotherapist App Development for Modern Rehabilitation
byV3CUBE TECHNOLABS
 
Salesforce Spring '26 Release presentation - Melbourne Salesforce User Group
byAnne N
 
Why I Volunteer at FOSDEM and You Should Too
byImma Valls Bernaus
 
Build a Scalable On-Demand Courier Service App
byV3CUBE TECHNOLABS
 
Monitoring your MySQL Server's Health Trends
byIgor Donchovski
 
Animated Safety Induction: A Smarter Way to Onboard for Workplace Safety
byTECH EHS Solution
 
Project Tracking in Software Project Management
bySahanaBarveen1
 
apidays Australia 2025 | Orchestrator vs. Choreography
byapidays
 
Best Digital Marketing Company in Lucknow
bydigitallearning9277
 
apidays Amsterdam 2025 | Making AI work for you as an API Product Manager
byapidays
 
software architecture for busy developers
byMuhammadAwaisQaisran
 
BUSY Software Business Management Solution.pptx
byMoving Cloud
 
Windows Server 2025 Administration Fundamentals 4ED
byraynasolomon136
 
Azure DevOps Services: Complete Guide to DevOps Tools, Automation & End-to-En...
byjohncarterjn
 
2026 Safety Roadmap: Systems, Skills, and Scale for EHS Leaders
byTECH EHS Solution
 
Water Delivery App Development Solutions.pdf
byeSiteWorld TechnoLabs Pvt. Ltd.
 

Information Security Risks - What You Can Do To Help Your Clients Avoid Costly Mistakes

  • 1.
    Live Webinar: Webinar Audio: Youcan dial the telephone numbers located on your webinar panel. Or listen in using your headphones or computer speakers. Welcome!
  • 2.
    “60% of companiesthat lose their data will shut down within 6 months of the disaster.” - Gartner Data Loss Can Cost Your Business
  • 3.
    Webinar Details • Presentationis roughly 30 minutes • All phone lines are muted • If anyone has any questions during this webinar – please type them in your Questions Box located at the bottom of your webinar panel
  • 4.
    Today’s Agenda 1. Introductions 2.Current Types of Attacks 3. Recommended Best Practices 4. What Can You Do For Your Clients? 5. Resources 6. Question and Answer
  • 5.
    Today’s Presenters Igal Rabinovich Directorof Partner Success Net@Work John Verry Security Consultant Pivot Point Security Steve Moisoff Senior Cloud & Managed Service Solutions Executive Net@Work Pete Thompsen Senior IT Solutions Architect Net@Work
  • 6.
    180+ Business Technology Architects andConsultants IT Road Mapping & Strategic Planning Business Process Review Ecosystem BI, Analytics & Reporting Cloud & IT Managed Services ERP/ Accounting Web Development & e-Commerce Sister Company Payment Processing SWYPE Sister Company CRM & Marketing Automation HRMS/ Employer Solutions Document Management Compliance Solutions: Sales Tax | Fixed Assets Managed Print Services Sister Company
  • 7.
    We build stronger& more resilient people & companies as a trusted partner by effectively managing information security risk About Our Guest Governance, Risk & Compliance Third Party Risk Management Business Continuity Management Application Security Security Awareness Education Assessments & Audits Penetration Testing & Phishing vCISO Network Security Incident Response
  • 8.
    Malware is software thatis intended to damage or disable computers and computer systems. Denial of Service is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid. Other Physical Network/System Application Phishing Vishing Spear Phishing Whaling Current Types of Attacks
  • 9.
    Recommended Best Practices -6 Keys to Avoid a Breach - Leverage Managed Services
  • 10.
    Keep back-up drivesdisconnected (offline) Malware is able to transit connected drives Utilize versions Communicate with IT the importance of files and how you need to access them Key #1: Backups
  • 11.
    Make sure alllocal controls (anti-spam, firewall, anti-malware, etc.) are up to date Leverage browser add-ons to improve your security Minimize the admin level clearance throughout the organization Consider disabling non-critical services Implement gateway controls Patch/Configuration Management Key #2: Management of Technical Vulnerabilities
  • 12.
    Security Awareness Education Whatshould you do if…? Does your cyber liability insurance have any requirements you need to account for? Key #3: Educate Your Team
  • 13.
    A good IncidentResponse Plan will have four fundamental parts 1. Detection: assess & triage 2. Analysis: what's the impact? 3. Recovery: contain, eradicate, repeat 4. Post Incident: prevention Key #4: Have a Plan
  • 14.
    The 7x Rule •If someone hasn’t heard at least 7 times, THEY DON’T KNOW IT! • Training, emails, meetings, etc. Testing the plan • Basic walkthroughs – make sure to test incident response in different scenarios (weekends, off hours, when certain people are unreachable) • Phishing tests Are people ready and willing to admit their mistakes? Key #5: Communicate and Test Your Plan
  • 15.
    Security Information EventManagement – “Event logs recording user activities, exceptions, faults and information security events should be produced, kept and regularly reviewed.” Logs are the key to: • Early detection of security events = less business impact o Average time to detection is ~ 4 months • The ability to effectively analyze, contain, and eliminate the event before it escalates to an incident • The option (in conjunction with your Incident Response Plan) to prosecute • An increasing awareness of your adversary: • Know how hackers find and recon you • Gain insight into potential vulnerabilities early and often • Continually improve so there are “lower fences to climb” Key #6: Security Monitoring
  • 16.
    “More than 90%of security events result from targeted exploits to known vulnerabilities in software where patches have been made available but have not yet been applied.” - Gartner Take Basic Precautions
  • 17.
    Today SMB ITManagers Cannot Manage Their Diversity of Issues.
  • 18.
    Managed Services isthe practice of transferring day-to-day management responsibility and risk as a strategic method for improved effective and efficient operations. ✓ Ongoing administration, patches & security updates ✓ Ensure Back Ups & Disaster Recovery plans follow best practices ✓ Alliance Partner & NAW address ongoing strategic technology challenges & business planning ✓ Supporting complexity & diversity of ever changing products ✓ Ensuring Business Applications availability 24*7*365 from anywhere ✓ Supporting demanding end users multiple devices & locations ✓ Maintaining “living” documentation ✓ Continuous Staffing & training costs Managed Services Defined
  • 19.
    Better Security Resilient DataCenters Can reach your applications • anywhere • anytime • from any browser No new capital costs for hardware Can create new servers within minutes Unlimited Storage Multiple internet providers High Availability of Services Why Move Services to the Cloud?
  • 20.
    Security Enhancements Each Serveris protected by AV Endpoint Protection (included) All Server’s a monitored and managed 24x7x365 (included) Multiple Tier 3 Data Centers SAS70 & SSAE 16 Independent Audit Certification Data Encryption – Data is encrypted in flight and at rest. All SANS have SED’s (Self Encrypting Drives) Compliance: HIPAA, PCI, Sarbanes-Oxley Cisco Routers and Firewalls with encryption- 256k Performance Enhancements Virtual Servers are running current Windows OS on a highly available VMware cluster Multiple chassis of blade servers clustered together throughout the datacenter All production storage is solid state disk Multi controller SAN’s clustered as a highly available system Networking infrastructure interconnects are 10GigE or better Each client is configured, by default, for 15 day (daily) backups (stored externally of the hosting datacenter infrastructure) Cloud Architecture Risk
  • 21.
    What if YourClients Could Mitigate Their IT Risk & Manage Their IT Environment 24 x 7 For $7.00/Hour?
  • 22.
    What Can YouDo for Your Clients?
  • 23.
    Ask The RightQuestions • What are we doing to mitigate our risk and protect our data? • Do we have a good backup? From when? How do we know? • How do we educate our staff to newly identified attacks? Who is responsible? • How do we mitigate the risk to us and our clients if an event does occur? • Do we have a documented disaster recovery plan? Has it been tested?
  • 24.
    Resources 10 Tips toAvoid a Phishing Attack Whitepaper: Operational Testing of your Disaster Recovery Plan Free Email Threat Scan Free Web Application Vulnerability Scan
  • 25.
    Please type in yourquestions Any Questions?
  • 26.
    Thank You ForAttending Igal Rabinovich | Net@Work Director of Partner Success Phone: 212.997.5200 Ext. 1747 Direct: 646.293.1747 irabinovich@netatwork.com www.netatwork.com/alliance Connect with 800-719-3307 www.netatwork.com netatwork.com/blog Net@Work YouTube Follow us on Twitter: @netatwork_corp Follow Net@Work on LinkedIn Follow Net@Work on Google+ Follow Net@Work on Facebook Contact your Net@Work Account Manager for any questions or concerns. Or you can reach out to us via the information below! Steve Moisoff | Net@Work Account Executive Phone: 212.997.5200 Ext. 1735 Direct: 646.293.1735 smoisoff@netatwork.com www.netatwork.com