Art Hathaway - Artificial Intelligence - Real Threat Preventioncentralohioissa
Throughout history we've seen opposing forces skillfully pit strengths against weaknesses until, ultimately, one side succumbs. Holding a position takes considerably more effort than does a single, offensive surge, and attackers are counting on it. The very nature of the cybersecurity attacks we face today are in direct response to the shortcomings of the available tools, knowledge and approaches. The only problem is that we must evolve our defenses as fast as (or faster) than their offenses, and the odds are greatly in their favor. Imagine a football game – with no time limits – determined by your opponent’s first undefended scoring play. Game over. Hmmm…I wonder how that one ends?
Facing next-generation challenges requires a next-generation approach – preferably one that requires no change to your current production environment, never tires, continually evolves, doesn't rely on humans and is 99%+ accurate regardless of Internet connectivity. We'll discuss a solution that shifts the balance in your favor by leveraging artificial intelligence to predict and prevent against malware-born threats so you don't have to.
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...Michael Noel
Organizations today are vastly unprepared for the threat of modern cyber-attacks. At the same time, the attackers are becoming more sophisticated and the amount of resources at their disposal is increasing. It has become a lucrative business to hack, disrupt, and steal intellectual property from organizations of all sizes and in all business sectors.
While the attackers are becoming more sophisticated, organizations have their IT security positioned for threats from the past century, with poor password management techniques, simple ACL based file permissions, and basic firewall and zone-based containment techniques. This makes it easier for attackers to obtain access to critical intellectual property and makes career-ruining disruptions all the more common.
This session focuses on understanding what is currently wrong with IT security practices and how your organization can change processes, techniques, and tools to provide for a significantly higher level of IT security without necessarily having to implement expensive tools or obtrusive processes.
• Understand the pitfalls of current IT Security practices, including myths around password change policies, allowing logins without providing multiple factors, and the proliferation of ‘always-on’ admin rights.
• Examine how simple changes in IT strategy can greatly improve your overall IT posture, including providing for up to a 99% improvement in the likelihood of a data credential theft.
• Determine which easy to deploy tools and features which you may already be licensed for can be used to tighten up IT security within an environment, including solutions such as Microsoft Defender for Identity, Azure Sentinel, Microsoft Cloud App Security, next-generation firewalls, and more.
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesAugmentedWorldExpo
While companies have made significant strides with mobile device security software on smart phones and tablets, the wearables category is a different story. Personal data, customer data, and sensitive corporate information is at risk with data leaks exposed at multiple end points. There are a number of factors contributing to this situation that we will look at in this presentation as well as best practices to address them. The miniaturization of sensors and cameras and unprecedented connectivity have created a scenario where data can be captured and stored very easily, and at times unwittingly, by users. Lack of policies and careless use of enterprise wearables can be more of a security risk than cyber criminals. The trend of this problem will likely get worse, market forecasts show that IoT devices and wearables will surpass volumes of mobile devices over the next few years. The great promise and benefits of these devices coupled with privacy and security concerns make this technology a double edge sword.
Augmented World Expo (AWE) is back for its seventh year in our largest conference and expo featuring technologies giving us superpowers: augmented reality (AR), virtual reality (VR) and wearable tech. Join over 4,000 attendees from all over the world including a mix of CEOs, CTOs, designers, developers, creative agencies, futurists, analysts, investors, and top press in a fantastic opportunity to learn, inspire, partner, and experience first hand the most exciting industry of our times. See more at http://AugmentedWorldExpo.com
Art Hathaway - Artificial Intelligence - Real Threat Preventioncentralohioissa
Throughout history we've seen opposing forces skillfully pit strengths against weaknesses until, ultimately, one side succumbs. Holding a position takes considerably more effort than does a single, offensive surge, and attackers are counting on it. The very nature of the cybersecurity attacks we face today are in direct response to the shortcomings of the available tools, knowledge and approaches. The only problem is that we must evolve our defenses as fast as (or faster) than their offenses, and the odds are greatly in their favor. Imagine a football game – with no time limits – determined by your opponent’s first undefended scoring play. Game over. Hmmm…I wonder how that one ends?
Facing next-generation challenges requires a next-generation approach – preferably one that requires no change to your current production environment, never tires, continually evolves, doesn't rely on humans and is 99%+ accurate regardless of Internet connectivity. We'll discuss a solution that shifts the balance in your favor by leveraging artificial intelligence to predict and prevent against malware-born threats so you don't have to.
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...Michael Noel
Organizations today are vastly unprepared for the threat of modern cyber-attacks. At the same time, the attackers are becoming more sophisticated and the amount of resources at their disposal is increasing. It has become a lucrative business to hack, disrupt, and steal intellectual property from organizations of all sizes and in all business sectors.
While the attackers are becoming more sophisticated, organizations have their IT security positioned for threats from the past century, with poor password management techniques, simple ACL based file permissions, and basic firewall and zone-based containment techniques. This makes it easier for attackers to obtain access to critical intellectual property and makes career-ruining disruptions all the more common.
This session focuses on understanding what is currently wrong with IT security practices and how your organization can change processes, techniques, and tools to provide for a significantly higher level of IT security without necessarily having to implement expensive tools or obtrusive processes.
• Understand the pitfalls of current IT Security practices, including myths around password change policies, allowing logins without providing multiple factors, and the proliferation of ‘always-on’ admin rights.
• Examine how simple changes in IT strategy can greatly improve your overall IT posture, including providing for up to a 99% improvement in the likelihood of a data credential theft.
• Determine which easy to deploy tools and features which you may already be licensed for can be used to tighten up IT security within an environment, including solutions such as Microsoft Defender for Identity, Azure Sentinel, Microsoft Cloud App Security, next-generation firewalls, and more.
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesAugmentedWorldExpo
While companies have made significant strides with mobile device security software on smart phones and tablets, the wearables category is a different story. Personal data, customer data, and sensitive corporate information is at risk with data leaks exposed at multiple end points. There are a number of factors contributing to this situation that we will look at in this presentation as well as best practices to address them. The miniaturization of sensors and cameras and unprecedented connectivity have created a scenario where data can be captured and stored very easily, and at times unwittingly, by users. Lack of policies and careless use of enterprise wearables can be more of a security risk than cyber criminals. The trend of this problem will likely get worse, market forecasts show that IoT devices and wearables will surpass volumes of mobile devices over the next few years. The great promise and benefits of these devices coupled with privacy and security concerns make this technology a double edge sword.
Augmented World Expo (AWE) is back for its seventh year in our largest conference and expo featuring technologies giving us superpowers: augmented reality (AR), virtual reality (VR) and wearable tech. Join over 4,000 attendees from all over the world including a mix of CEOs, CTOs, designers, developers, creative agencies, futurists, analysts, investors, and top press in a fantastic opportunity to learn, inspire, partner, and experience first hand the most exciting industry of our times. See more at http://AugmentedWorldExpo.com
Five things I learned about information securityMajor Hayden
I delivered this presentation at the University of the Incarnate Word in San Antonio, Texas, to a group of students studying information security. They're learning plenty about the technical aspects of information security, but I wanted to talk to them about the non-technical aspects as well. This presentation is meant to be a low-tech, more social introduction on how to handle security within a large organization.
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Michael Noel
Organizations today are facing unprecedented and sophisticated attacks to their internal Information Technology infrastructure. These evolving attacks include spear phishing, ransomware, credential hijacking, and more and can result in significant data loss and/or theft of confidential and valuable intellectual property. In response to these threats, Microsoft has released an array of tools such as Azure Sentinel, Cloud App Security, Microsoft Defender for Identity, and more which can help to secure and protect against these threats. These tools work with both on-premises and cloud-based infrastructure to provide for comprehensive protection of hybrid environments.
This session breaks down each of these Microsoft tools and provides for an understanding of their value for specific security scenarios. A simple, no-marketing approach is taken to evaluating each individual tool, and a simple breakdown of what is provided with each Microsoft licensing model is outlined. Attendees will gain a better appreciation to which tools to utilize and how to better protect their Information Technology investments from the type of career-ending attacks which are unfortunately common today.
• Understand how modern threats such as spear phishing, ransomware, credential hijacking, and more are commonly faced in today’s IT environments and what tools and techniques can be used to mitigate the risk faced by these modern threats
• Examine Microsoft security tools such as Azure Sentinel, Microsoft Defender for Identity, Azure Security Center, Cloud App Security, Azure AD Privileged Identity Management, Azure AD Identity Protection, Azure Information Protection, and more
• Understand which tools are available for each licensing model in the Microsoft world and when it may make sense to ‘upgrade’ existing licenses to support specific toolsets as opposed to investment in third-party tools
3 ways to secure your law firm’s information and reputationNikec Solutions
As competition within the legal environment intensifies, law firms are constantly looking for ways to differentiate their services.
While many consider their reputation as their greatest asset that took years to build, there are a few key elements that underpin this, one of which is security.
It is this robust security that can prevent issues such as data breaches which in turn will destroy your reputation at the snap of a finger.
It is not only the law firms who understand the need for data protection and security, clients and consumers are becoming much more savvy and are realising that they too, need to protect their own.
With newspapers filled with stories of hackers attacking large multinational companies and mobile devices with sensitive data being lost or stolen, security is fast becoming a top priority for most businesses today.
Here are 3 ways to secure your law firm’s
information and reputation
Event Presentation: Cyber Security for Industrial Control SystemsInfonaligy
Get an inside look at practical examples of how hackers target control systems networks from the recent Lunch and Learn event put on by Infonaligy and Flexware Innovation.
GRRCON 2013: Imparting security awareness to all levels of usersJoel Cardella
My GRRCON 2013 talk on imparting security awareness. This is based on a highly successful and well received awareness program I created and rolled out for both blue collar and white collar users.
Fundamentals about how to secure your small business, with an emphasis on companies that use or host CRM information. This includes checklists & step-by-step recommendations
Addressing the Data Security Risks of Cloud-Based Software - HBMA PresentationKareo
Are you taking the necessary precautions to ensure your data is safe? In this information-packed webinar, Kareo’s Security Team will discuss the current climate of the healthcare industry in regards to data security, common misconceptions about using cloud-based software and best practices to implement in your daily workflow to ensure your data is safe.
Join Jesse Salmon (Information Security Manager) and Tim Nabhani (Security Architect) as they review:
-Why cyber attackers are targeting the healthcare industry
-Common security myths about using cloud-based systems
-Key security differences between cloud and on-premise data storage
-Key security controls to look for when considering a cloud-based solution
-Some security best practices to implement in your daily workflow to protect your data and your business
Don’t wait until it’s too late. Now more than ever, it’s important that both independent practices and billing companies take extra precautions to ensure their data and their business are secure.
Insider threats - Lessons from Snowden (ISF UK Chapter)Huntsman Security
The problem of insider security threats is not a new one, but with the recent whistle-blowing cases in the US it has been into sharp relief for organisations who have sensitive data and wish to protect it from exposure or compromise.
With 2014 being noted as “The Year of the Breach,” many businesses are still unprepared or not properly protected from numerous security threats. So what can your business do to help keep sensitive data safe? Check out the following slideshow to learn how to protect yourself and your business from threats. Contact the IT Security experts at MTG today to protect your organization!
With more than 50,000 new malware created every day organisations can no longer afford to risk the financial and reputational impacts of a security or data breach, which can be too much for a business to recover from. Because of this, IT managers face increasing scrutiny and pressure from CEOs, managing directors and boards to prove that they are keeping the organisation secure.
The changing threat landscape means organisations need to be vigilant and smarter about security. While businesses still face threats from infected devices and malware, attackers have also moved beyond that. For example, there is an increasing number of targeted email attacks with cyber criminals spending time to monitor communications so they can imitate emails that are so sophisticated that even relatively savvy users will open them.
This webinar will explore the building blocks required to ensure you have the roadmap required to best protection against cyber attacks. We will provide you with a high level view of the following topics:
· Audit and discovery – What are your weaknesses and are you compliant?
· Education – Do your employees know when not to open that attachment?
· Policy – Do you have the right policies for your industry?
· Technology – Where to start and what has changed?
JMS Secure Data presentation designed to give businesses who use PC's, Laptops, Servers including portable and mobile devices including magnetic media, used to store and transmit personal information, how to treat data and keep their business compliant.
Losing data which could cause damage or distress to individuals may lead to enforcement action against your business including financial penalties.
Five things I learned about information securityMajor Hayden
I delivered this presentation at the University of the Incarnate Word in San Antonio, Texas, to a group of students studying information security. They're learning plenty about the technical aspects of information security, but I wanted to talk to them about the non-technical aspects as well. This presentation is meant to be a low-tech, more social introduction on how to handle security within a large organization.
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Michael Noel
Organizations today are facing unprecedented and sophisticated attacks to their internal Information Technology infrastructure. These evolving attacks include spear phishing, ransomware, credential hijacking, and more and can result in significant data loss and/or theft of confidential and valuable intellectual property. In response to these threats, Microsoft has released an array of tools such as Azure Sentinel, Cloud App Security, Microsoft Defender for Identity, and more which can help to secure and protect against these threats. These tools work with both on-premises and cloud-based infrastructure to provide for comprehensive protection of hybrid environments.
This session breaks down each of these Microsoft tools and provides for an understanding of their value for specific security scenarios. A simple, no-marketing approach is taken to evaluating each individual tool, and a simple breakdown of what is provided with each Microsoft licensing model is outlined. Attendees will gain a better appreciation to which tools to utilize and how to better protect their Information Technology investments from the type of career-ending attacks which are unfortunately common today.
• Understand how modern threats such as spear phishing, ransomware, credential hijacking, and more are commonly faced in today’s IT environments and what tools and techniques can be used to mitigate the risk faced by these modern threats
• Examine Microsoft security tools such as Azure Sentinel, Microsoft Defender for Identity, Azure Security Center, Cloud App Security, Azure AD Privileged Identity Management, Azure AD Identity Protection, Azure Information Protection, and more
• Understand which tools are available for each licensing model in the Microsoft world and when it may make sense to ‘upgrade’ existing licenses to support specific toolsets as opposed to investment in third-party tools
3 ways to secure your law firm’s information and reputationNikec Solutions
As competition within the legal environment intensifies, law firms are constantly looking for ways to differentiate their services.
While many consider their reputation as their greatest asset that took years to build, there are a few key elements that underpin this, one of which is security.
It is this robust security that can prevent issues such as data breaches which in turn will destroy your reputation at the snap of a finger.
It is not only the law firms who understand the need for data protection and security, clients and consumers are becoming much more savvy and are realising that they too, need to protect their own.
With newspapers filled with stories of hackers attacking large multinational companies and mobile devices with sensitive data being lost or stolen, security is fast becoming a top priority for most businesses today.
Here are 3 ways to secure your law firm’s
information and reputation
Event Presentation: Cyber Security for Industrial Control SystemsInfonaligy
Get an inside look at practical examples of how hackers target control systems networks from the recent Lunch and Learn event put on by Infonaligy and Flexware Innovation.
GRRCON 2013: Imparting security awareness to all levels of usersJoel Cardella
My GRRCON 2013 talk on imparting security awareness. This is based on a highly successful and well received awareness program I created and rolled out for both blue collar and white collar users.
Fundamentals about how to secure your small business, with an emphasis on companies that use or host CRM information. This includes checklists & step-by-step recommendations
Addressing the Data Security Risks of Cloud-Based Software - HBMA PresentationKareo
Are you taking the necessary precautions to ensure your data is safe? In this information-packed webinar, Kareo’s Security Team will discuss the current climate of the healthcare industry in regards to data security, common misconceptions about using cloud-based software and best practices to implement in your daily workflow to ensure your data is safe.
Join Jesse Salmon (Information Security Manager) and Tim Nabhani (Security Architect) as they review:
-Why cyber attackers are targeting the healthcare industry
-Common security myths about using cloud-based systems
-Key security differences between cloud and on-premise data storage
-Key security controls to look for when considering a cloud-based solution
-Some security best practices to implement in your daily workflow to protect your data and your business
Don’t wait until it’s too late. Now more than ever, it’s important that both independent practices and billing companies take extra precautions to ensure their data and their business are secure.
Insider threats - Lessons from Snowden (ISF UK Chapter)Huntsman Security
The problem of insider security threats is not a new one, but with the recent whistle-blowing cases in the US it has been into sharp relief for organisations who have sensitive data and wish to protect it from exposure or compromise.
With 2014 being noted as “The Year of the Breach,” many businesses are still unprepared or not properly protected from numerous security threats. So what can your business do to help keep sensitive data safe? Check out the following slideshow to learn how to protect yourself and your business from threats. Contact the IT Security experts at MTG today to protect your organization!
With more than 50,000 new malware created every day organisations can no longer afford to risk the financial and reputational impacts of a security or data breach, which can be too much for a business to recover from. Because of this, IT managers face increasing scrutiny and pressure from CEOs, managing directors and boards to prove that they are keeping the organisation secure.
The changing threat landscape means organisations need to be vigilant and smarter about security. While businesses still face threats from infected devices and malware, attackers have also moved beyond that. For example, there is an increasing number of targeted email attacks with cyber criminals spending time to monitor communications so they can imitate emails that are so sophisticated that even relatively savvy users will open them.
This webinar will explore the building blocks required to ensure you have the roadmap required to best protection against cyber attacks. We will provide you with a high level view of the following topics:
· Audit and discovery – What are your weaknesses and are you compliant?
· Education – Do your employees know when not to open that attachment?
· Policy – Do you have the right policies for your industry?
· Technology – Where to start and what has changed?
JMS Secure Data presentation designed to give businesses who use PC's, Laptops, Servers including portable and mobile devices including magnetic media, used to store and transmit personal information, how to treat data and keep their business compliant.
Losing data which could cause damage or distress to individuals may lead to enforcement action against your business including financial penalties.
10 Quick Cybersecurity Wins for Small BusinessSYMBIONT, INC.
The internet and information technologies are powerful tools for small businesses in reaching new markets, increasing productivity, and efficiency. To protect their business, customers, and data, from growing cybersecurity threats businesses need a cybersecurity strategy.
5 in 1 Data Protection - This solution is listed on "Gartner's Cool Vendor in Business Continuity and IT Disaster Recovery Management."
Always Protected. Always There.
- Automated Backup
- One-Click Disaster Recovery
- Local & Cloud-Based Protection
Cloud backup, archive, disaster recovery, and file sharing. Protecting servers (physical and virtual), desktops and laptops, and mobile endpoints coverage with your choice of cloud targets – your cloud, our cloud, or any cloud. This is data protection on your terms.
Addressing the Data Security Risks of Cloud-Based SoftwareKareo
Kareo’s Security Team, Jesse Salmon (Information Security Manager) and Tim Nabhani (Security Architect), will go over some of the biggest risks and misconceptions in data security as it relates to the cloud. They will also share some key security measures to look for when evaluating a cloud-based solution.
Cybersecurity has become an important issue for today's businesses. This presentation will review current scams and fraud, how to develop a plan to keep your business safe and secure, tips and resources.
The policy Bring Your Own Device (BYOD) permits employees to use their own technical devices such as tablets, laptops, and mobile phones in the workplace. However, what are the risks and benefits for implementing a BYOD policy?
You already know BYOD is here to stay. How can you give employees the flexibility they demand? Prevent BYOD from becoming BYOT (threat)? Ensure a uniform trust model for device provisioning? Mitigate the risks for applications, network access and data security?
This webinar provides a policy framework for BYOD enablement:
• Risk and vulnerability assessment
• Security and access policies
• Key success factors
• Trigger response policies
• Prevent data loss at both the application and device level
• Shared device security policies
• Options for achieving your security requirements and end-user expectations
Opendatabay - Open Data Marketplace.pptxOpendatabay
Opendatabay.com unlocks the power of data for everyone. Open Data Marketplace fosters a collaborative hub for data enthusiasts to explore, share, and contribute to a vast collection of datasets.
First ever open hub for data enthusiasts to collaborate and innovate. A platform to explore, share, and contribute to a vast collection of datasets. Through robust quality control and innovative technologies like blockchain verification, opendatabay ensures the authenticity and reliability of datasets, empowering users to make data-driven decisions with confidence. Leverage cutting-edge AI technologies to enhance the data exploration, analysis, and discovery experience.
From intelligent search and recommendations to automated data productisation and quotation, Opendatabay AI-driven features streamline the data workflow. Finding the data you need shouldn't be a complex. Opendatabay simplifies the data acquisition process with an intuitive interface and robust search tools. Effortlessly explore, discover, and access the data you need, allowing you to focus on extracting valuable insights. Opendatabay breaks new ground with a dedicated, AI-generated, synthetic datasets.
Leverage these privacy-preserving datasets for training and testing AI models without compromising sensitive information. Opendatabay prioritizes transparency by providing detailed metadata, provenance information, and usage guidelines for each dataset, ensuring users have a comprehensive understanding of the data they're working with. By leveraging a powerful combination of distributed ledger technology and rigorous third-party audits Opendatabay ensures the authenticity and reliability of every dataset. Security is at the core of Opendatabay. Marketplace implements stringent security measures, including encryption, access controls, and regular vulnerability assessments, to safeguard your data and protect your privacy.
Techniques to optimize the pagerank algorithm usually fall in two categories. One is to try reducing the work per iteration, and the other is to try reducing the number of iterations. These goals are often at odds with one another. Skipping computation on vertices which have already converged has the potential to save iteration time. Skipping in-identical vertices, with the same in-links, helps reduce duplicate computations and thus could help reduce iteration time. Road networks often have chains which can be short-circuited before pagerank computation to improve performance. Final ranks of chain nodes can be easily calculated. This could reduce both the iteration time, and the number of iterations. If a graph has no dangling nodes, pagerank of each strongly connected component can be computed in topological order. This could help reduce the iteration time, no. of iterations, and also enable multi-iteration concurrency in pagerank computation. The combination of all of the above methods is the STICD algorithm. [sticd] For dynamic graphs, unchanged components whose ranks are unaffected can be skipped altogether.
Adjusting primitives for graph : SHORT REPORT / NOTESSubhajit Sahu
Graph algorithms, like PageRank Compressed Sparse Row (CSR) is an adjacency-list based graph representation that is
Multiply with different modes (map)
1. Performance of sequential execution based vs OpenMP based vector multiply.
2. Comparing various launch configs for CUDA based vector multiply.
Sum with different storage types (reduce)
1. Performance of vector element sum using float vs bfloat16 as the storage type.
Sum with different modes (reduce)
1. Performance of sequential execution based vs OpenMP based vector element sum.
2. Performance of memcpy vs in-place based CUDA based vector element sum.
3. Comparing various launch configs for CUDA based vector element sum (memcpy).
4. Comparing various launch configs for CUDA based vector element sum (in-place).
Sum with in-place strategies of CUDA mode (reduce)
1. Comparing various launch configs for CUDA based vector element sum (in-place).
As Europe's leading economic powerhouse and the fourth-largest hashtag#economy globally, Germany stands at the forefront of innovation and industrial might. Renowned for its precision engineering and high-tech sectors, Germany's economic structure is heavily supported by a robust service industry, accounting for approximately 68% of its GDP. This economic clout and strategic geopolitical stance position Germany as a focal point in the global cyber threat landscape.
In the face of escalating global tensions, particularly those emanating from geopolitical disputes with nations like hashtag#Russia and hashtag#China, hashtag#Germany has witnessed a significant uptick in targeted cyber operations. Our analysis indicates a marked increase in hashtag#cyberattack sophistication aimed at critical infrastructure and key industrial sectors. These attacks range from ransomware campaigns to hashtag#AdvancedPersistentThreats (hashtag#APTs), threatening national security and business integrity.
🔑 Key findings include:
🔍 Increased frequency and complexity of cyber threats.
🔍 Escalation of state-sponsored and criminally motivated cyber operations.
🔍 Active dark web exchanges of malicious tools and tactics.
Our comprehensive report delves into these challenges, using a blend of open-source and proprietary data collection techniques. By monitoring activity on critical networks and analyzing attack patterns, our team provides a detailed overview of the threats facing German entities.
This report aims to equip stakeholders across public and private sectors with the knowledge to enhance their defensive strategies, reduce exposure to cyber risks, and reinforce Germany's resilience against cyber threats.
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
1. Lock It or Lose It:
Why Every Company Should Be
Concerned About Data Security
James Benham
CEO and Co-founder of SmartCompliance.
Entrepreneur & risk technology consultant.
2. - OUR ITINERARY FOR TODAY -
SmartCompliance, Inc. All rights reserved
• Notable data breaches of the 21st century and learning
experiences.
• Strategies to use Safe Cloud Environments.
• The best tools to assure data is protected.
• My personal 10 golden rules of Data Security.
• Protection of data in work-remote environments.
• Q&A time.
3. BASIC DEFINITIONS
• Data is the major asset any company has.
• Cloud Data is a necessity and the perfect
solution for storage information.
• Data security is the practice of protecting digital
information from:
• Unauthorized access.
• Corruption.
• Theft throughout its entire lifecycle.
DATA PROTECTION NEEDS ORGANIZATION
SmartCompliance, Inc. All rights reserved
4. NOTABLE DATA BREACHES OF THE 21st CENTUR
SmartCompliance, Inc. All rights reserved
Date: October 2013
Impact: 153 million user records
Data Breach:
• Hackers had stolen nearly 3 million encrypted customer credit card records.
• Login data for an undetermined number of user accounts.
Repercussions:
• August 2015 Adobe pays $1.1 million in legal fees.
• Pay an undisclosed amount to users to settle claims of violating the Customer
Records Act.
*Reported: by security blogger Brian Krebs.
5. Date: 2014 the year of "Cloud celebrity picture leaks fever"
Impact: Jennifer Lawrence stolen photos
Data Breach:
• Phishing scheme that tricked the actress into revealing her usernames and
passwords.
• Stolen pictures from her own Apple iCloud iPhone/iPad-linked accounts.
Repercussions:
• George Garofano form Connecticut was sentenced to eight months in prison for
his part in the hacking of her cloud and private pictures.
NOTABLE DATA BREACHES OF THE 21st CENTURY
SmartCompliance, Inc. All rights reserved
6. • Do you encrypt files when sharing information in the cloud?
• Do you read Privacy Policies when you sign up or update
cloud information?
• Do you study the apps that you are sharing information with?
• Does your team use strong passwords and two
factor authentication?
ASK YOUR SELF THESE QUESTIONS
SmartCompliance, Inc. All rights reserved
7. Data Loss Prevention (DPL) Software
• Classifies what data is sensitive and identifies weak points.
• Uses alerts and preventive measures to prevent accidentally or
purposely sharing private data.
• Digital tools to track and ensure data is not
lost, used or accessed by unauthorized users.
USE TECNOLOGY ON YOUR SIDE
SmartCompliance, Inc. All rights reserved
8. RULE # 1: All employees must have clear rules
for the protection of IT
MY PERSONAL RULES
SmartCompliance, Inc. All rights reserved
• Define first what data does your company need to store & protect?.
• Only authorized users can access sensible data.
• Keep company’s IT technologies up to date and regularly update the latest
system version.
• Run tests and "exams" to teach your team to be prepared. Ex: false emails and
security campaign at least once a year.
9. Secure communication channels
RULE #2
SmartCompliance, Inc. All rights reserved
• Secure your home/office WLAN connection.
• Connect tablets, smartphones or PCs of home-office employees to the
corporate network.
• Virtual private networks (VPNs) are recommended.
• Establish connections via a “secure tunnel."
• Stay away from public WIFI and hotspots.
10. Passwords are the first line of defense
RULE #3
SmartCompliance, Inc. All rights reserved
• Password must be strong and don’t contain personal information. Should contain:
• Both upper case and lower-case letters.
• Numbers.
• At least one special character.
• The default administrator password should be replaced with a new one.
• Require your team to change their passwords on a regular basis.
• Always log out when finished using a password protected service or application.
• If a cloud service offers a two-step verification process, then it’s best to use it.
11. Share files from a cloud secure data center.
RULE #4
SmartCompliance, Inc. All rights reserved
• Device-based conditional access to block users on unauthorized devices.
• Sign out users after a defined period of inactivity.
• Send documents through links that expire or require password access.
• Grant limited privileges with customized links.
• Protect data by identifying sensitive documents and preventing them from
being shared.
12. Always use a cloud service that offers full encryption for
your data.
RULE #5
SmartCompliance, Inc. All rights reserved
• Ideally, the cloud service should offer 256-bit AES military-grade encryption
across all its communications and storage.
• Read and review the Terms of Service of the cloud provider.
• Choose cloud services that have an event of a breach or data disaster.
• Microsoft OneDrive is a trusted and reliable platform
13. Backup your important information
RULE #6
SmartCompliance, Inc. All rights reserved
• 30 % of people have never backed up their devices.
• Laptops are stolen every 53 seconds in the U.S. (Kensington)
• Don’t keep all your eggs in one basket.
• Regularly update your computer to fix bugs that open you to risk.
• Schedule backups to external hard drives or in the cloud in order to keep your
data stored safely.
• The ideal frequency is weekly, but you can do incremental backups every few
days.
14. Basic security measures and antivirus
RULE #7
SmartCompliance, Inc. All rights reserved
• Ensure strong anti-malware programs are in place for all your devices.
• Avast.
• Bitdefender.
• F-Secure.
• McAfee.
• Norton.
• Updating is important! Recent updates allow your Data to be more secured.
• Be smart with emails and surfing the web. Downloading apps or files can
infect your computer. Be careful with the sources you find online, or you receive.
Take every “warning box” seriously.
15. Transparency and legal regulations
RULE #8
SmartCompliance, Inc. All rights reserved
• If your business collects, processes, and holds personal information you need
a transparent privacy policy in place.
• Required to ask for consent and explain why you need those details.
• No matter your business’ size, you need a secure network to protect
processed personal data.
• Businesses handling sensitive information like health records or credit cards
require regulations.
• Have a dedicated Data Protection Officer.
16. Security engineering
RULE #9
SmartCompliance, Inc. All rights reserved
• Security controls should be integrated so that security becomes an integral
part of system operations.
• Develop a set of security standards and practices.
• Conduct scans of networks to find vulnerabilities.
• Monitor networks and systems for security breaches or intrusions.
• Test security solutions using industry standard analysis criteria.
• Supervise changes in software, hardware, and user needs.
17. Monitor vulnerability disclosure
RULE #10
SmartCompliance, Inc. All rights reserved
• If you notice a vulnerability in a system you use, report it directly to whoever is
directly responsible.
• If you receive a report that there is a vulnerability in your system, make fixing
this your top priority.
• Use threat intelligence information to understand threats that are currently
targeting or may become a problem for your organization.
• Plan an organization’s information security strategy.
• Educated staff members on information security through training.
18. DISCUSSION TIME!
Data Security is not a one-time engagement...
It is a daily task!
SmartCompliance, Inc. All rights reserved
19. To receive monthly Industry- Exclusive
information, subscribe to our Newsletter.
smartcompliance.co/newsletter
Thank you for attending!
SmartCompliance, Inc. All rights reserved