SlideShare a Scribd company logo

Lock it or Lose It: Why Every Company Should be Concerned About Data Security

SmartCompliance
SmartCompliance

Learn why every company should be concerned about Data Security & the three common elements of incident detection and response.

Data & Analytics
1 of 19
Download to read offline
Lock It or Lose It: Why Every Company Should Be Concerned About Data Security James Benham CEO and Co-founder of SmartCompliance. Entrepreneur & risk technology consultant.
- OUR ITINERARY FOR TODAY - SmartCompliance, Inc. All rights reserved • Notable data breaches of the 21st century and learning experiences. • Strategies to use Safe Cloud Environments. • The best tools to assure data is protected. • My personal 10 golden rules of Data Security. • Protection of data in work-remote environments. • Q&A time.
BASIC DEFINITIONS • Data is the major asset any company has. • Cloud Data is a necessity and the perfect solution for storage information. • Data security is the practice of protecting digital information from: • Unauthorized access. • Corruption. • Theft throughout its entire lifecycle. DATA PROTECTION NEEDS ORGANIZATION SmartCompliance, Inc. All rights reserved
NOTABLE DATA BREACHES OF THE 21st CENTUR SmartCompliance, Inc. All rights reserved Date: October 2013 Impact: 153 million user records Data Breach: • Hackers had stolen nearly 3 million encrypted customer credit card records. • Login data for an undetermined number of user accounts. Repercussions: • August 2015 Adobe pays $1.1 million in legal fees. • Pay an undisclosed amount to users to settle claims of violating the Customer Records Act. *Reported: by security blogger Brian Krebs.
Date: 2014 the year of "Cloud celebrity picture leaks fever" Impact: Jennifer Lawrence stolen photos Data Breach: • Phishing scheme that tricked the actress into revealing her usernames and passwords. • Stolen pictures from her own Apple iCloud iPhone/iPad-linked accounts. Repercussions: • George Garofano form Connecticut was sentenced to eight months in prison for his part in the hacking of her cloud and private pictures. NOTABLE DATA BREACHES OF THE 21st CENTURY SmartCompliance, Inc. All rights reserved
• Do you encrypt files when sharing information in the cloud? • Do you read Privacy Policies when you sign up or update cloud information? • Do you study the apps that you are sharing information with? • Does your team use strong passwords and two factor authentication? ASK YOUR SELF THESE QUESTIONS SmartCompliance, Inc. All rights reserved
Data Loss Prevention (DPL) Software • Classifies what data is sensitive and identifies weak points. • Uses alerts and preventive measures to prevent accidentally or purposely sharing private data. • Digital tools to track and ensure data is not lost, used or accessed by unauthorized users. USE TECNOLOGY ON YOUR SIDE SmartCompliance, Inc. All rights reserved
RULE # 1: All employees must have clear rules for the protection of IT MY PERSONAL RULES SmartCompliance, Inc. All rights reserved • Define first what data does your company need to store & protect?. • Only authorized users can access sensible data. • Keep company’s IT technologies up to date and regularly update the latest system version. • Run tests and "exams" to teach your team to be prepared. Ex: false emails and security campaign at least once a year.
Secure communication channels RULE #2 SmartCompliance, Inc. All rights reserved • Secure your home/office WLAN connection. • Connect tablets, smartphones or PCs of home-office employees to the corporate network. • Virtual private networks (VPNs) are recommended. • Establish connections via a “secure tunnel." • Stay away from public WIFI and hotspots.
Passwords are the first line of defense RULE #3 SmartCompliance, Inc. All rights reserved • Password must be strong and don’t contain personal information. Should contain: • Both upper case and lower-case letters. • Numbers. • At least one special character. • The default administrator password should be replaced with a new one. • Require your team to change their passwords on a regular basis. • Always log out when finished using a password protected service or application. • If a cloud service offers a two-step verification process, then it’s best to use it.
Share files from a cloud secure data center. RULE #4 SmartCompliance, Inc. All rights reserved • Device-based conditional access to block users on unauthorized devices. • Sign out users after a defined period of inactivity. • Send documents through links that expire or require password access. • Grant limited privileges with customized links. • Protect data by identifying sensitive documents and preventing them from being shared.
Always use a cloud service that offers full encryption for your data. RULE #5 SmartCompliance, Inc. All rights reserved • Ideally, the cloud service should offer 256-bit AES military-grade encryption across all its communications and storage. • Read and review the Terms of Service of the cloud provider. • Choose cloud services that have an event of a breach or data disaster. • Microsoft OneDrive is a trusted and reliable platform
Backup your important information RULE #6 SmartCompliance, Inc. All rights reserved • 30 % of people have never backed up their devices. • Laptops are stolen every 53 seconds in the U.S. (Kensington) • Don’t keep all your eggs in one basket. • Regularly update your computer to fix bugs that open you to risk. • Schedule backups to external hard drives or in the cloud in order to keep your data stored safely. • The ideal frequency is weekly, but you can do incremental backups every few days.
Basic security measures and antivirus RULE #7 SmartCompliance, Inc. All rights reserved • Ensure strong anti-malware programs are in place for all your devices. • Avast. • Bitdefender. • F-Secure. • McAfee. • Norton. • Updating is important! Recent updates allow your Data to be more secured. • Be smart with emails and surfing the web. Downloading apps or files can infect your computer. Be careful with the sources you find online, or you receive. Take every “warning box” seriously.
Transparency and legal regulations RULE #8 SmartCompliance, Inc. All rights reserved • If your business collects, processes, and holds personal information you need a transparent privacy policy in place. • Required to ask for consent and explain why you need those details. • No matter your business’ size, you need a secure network to protect processed personal data. • Businesses handling sensitive information like health records or credit cards require regulations. • Have a dedicated Data Protection Officer.
Security engineering RULE #9 SmartCompliance, Inc. All rights reserved • Security controls should be integrated so that security becomes an integral part of system operations. • Develop a set of security standards and practices. • Conduct scans of networks to find vulnerabilities. • Monitor networks and systems for security breaches or intrusions. • Test security solutions using industry standard analysis criteria. • Supervise changes in software, hardware, and user needs.
Monitor vulnerability disclosure RULE #10 SmartCompliance, Inc. All rights reserved • If you notice a vulnerability in a system you use, report it directly to whoever is directly responsible. • If you receive a report that there is a vulnerability in your system, make fixing this your top priority. • Use threat intelligence information to understand threats that are currently targeting or may become a problem for your organization. • Plan an organization’s information security strategy. • Educated staff members on information security through training.
DISCUSSION TIME! Data Security is not a one-time engagement... It is a daily task! SmartCompliance, Inc. All rights reserved
To receive monthly Industry- Exclusive information, subscribe to our Newsletter. smartcompliance.co/newsletter Thank you for attending! SmartCompliance, Inc. All rights reserved

Recommended

Art Hathaway - Artificial Intelligence - Real Threat Prevention
Art Hathaway - Artificial Intelligence - Real Threat PreventionArt Hathaway - Artificial Intelligence - Real Threat Prevention
Art Hathaway - Artificial Intelligence - Real Threat Prevention
centralohioissa
 
Information security
Information securityInformation security
Information security
Vijayananda Mohire
 
Securing Mobile Devices in the Workplace - Six Tips For Midsize Businesses
Securing Mobile Devices in the Workplace - Six Tips For Midsize BusinessesSecuring Mobile Devices in the Workplace - Six Tips For Midsize Businesses
Securing Mobile Devices in the Workplace - Six Tips For Midsize BusinessesMidmarketIBM
 
Simplitfy - Guarding your Data
Simplitfy - Guarding your DataSimplitfy - Guarding your Data
Simplitfy - Guarding your Data
Erick Solms
 
Bryley - mobility in the work place
Bryley - mobility in the work placeBryley - mobility in the work place
Bryley - mobility in the work place
Bryley Systems Inc.
 
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
Michael Noel
 
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesPete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
AugmentedWorldExpo
 
Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1
Mukesh Chinta
 

Recommended

Art Hathaway - Artificial Intelligence - Real Threat Prevention
Art Hathaway - Artificial Intelligence - Real Threat PreventionArt Hathaway - Artificial Intelligence - Real Threat Prevention
Art Hathaway - Artificial Intelligence - Real Threat Prevention
centralohioissa
 
Information security
Information securityInformation security
Information security
Vijayananda Mohire
 
Securing Mobile Devices in the Workplace - Six Tips For Midsize Businesses
Securing Mobile Devices in the Workplace - Six Tips For Midsize BusinessesSecuring Mobile Devices in the Workplace - Six Tips For Midsize Businesses
Securing Mobile Devices in the Workplace - Six Tips For Midsize BusinessesMidmarketIBM
 
Simplitfy - Guarding your Data
Simplitfy - Guarding your DataSimplitfy - Guarding your Data
Simplitfy - Guarding your Data
Erick Solms
 
Bryley - mobility in the work place
Bryley - mobility in the work placeBryley - mobility in the work place
Bryley - mobility in the work place
Bryley Systems Inc.
 
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
Michael Noel
 
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesPete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
AugmentedWorldExpo
 
Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1
Mukesh Chinta
 
GBS - 8 ways to knockout network headaches
GBS - 8 ways to knockout network headachesGBS - 8 ways to knockout network headaches
GBS - 8 ways to knockout network headachesKristin Helgeson
 
Five things I learned about information security
Five things I learned about information securityFive things I learned about information security
Five things I learned about information security
Major Hayden
 
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Michael Noel
 
Information security awareness training
Information security awareness trainingInformation security awareness training
Information security awareness training
Sandeep Taileng
 
3 ways to secure your law firm’s information and reputation
3 ways to secure your law firm’s information and reputation3 ways to secure your law firm’s information and reputation
3 ways to secure your law firm’s information and reputation
Nikec Solutions
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control Systems
Infonaligy
 
Topic11
Topic11Topic11
Topic11
Anne Starr
 
Preventing Data Breaches
Preventing Data BreachesPreventing Data Breaches
Preventing Data Breaches
xband
 
Overview of Information Security & Privacy
Overview of Information Security & PrivacyOverview of Information Security & Privacy
Overview of Information Security & Privacy
Nawanan Theera-Ampornpunt
 
Cyber Domain Security
Cyber Domain SecurityCyber Domain Security
Cyber Domain Security
ICSA, LLC
 
GRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of usersGRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of users
Joel Cardella
 
10 Security issues facing NZ Enterprises
10 Security issues facing NZ Enterprises10 Security issues facing NZ Enterprises
10 Security issues facing NZ Enterprises
Nigel Hanson
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3
Caston Thomas
 
Computer security
Computer securityComputer security
Computer security
OZ Assignment help
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
G Prachi
 
Addressing the Data Security Risks of Cloud-Based Software - HBMA Presentation
Addressing the Data Security Risks of Cloud-Based Software - HBMA PresentationAddressing the Data Security Risks of Cloud-Based Software - HBMA Presentation
Addressing the Data Security Risks of Cloud-Based Software - HBMA Presentation
Kareo
 
Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)
Huntsman Security
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back
MTG IT Professionals
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
Empired
 
Jms secure data presentation
Jms secure data presentationJms secure data presentation
Jms secure data presentation
JMS Secure Data
 
Presentation 10.pptx
Presentation 10.pptxPresentation 10.pptx
Presentation 10.pptx
mishogelashvili28
 

More Related Content

What's hot

GBS - 8 ways to knockout network headaches
GBS - 8 ways to knockout network headachesGBS - 8 ways to knockout network headaches
GBS - 8 ways to knockout network headachesKristin Helgeson
 
Five things I learned about information security
Five things I learned about information securityFive things I learned about information security
Five things I learned about information security
Major Hayden
 
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Michael Noel
 
Information security awareness training
Information security awareness trainingInformation security awareness training
Information security awareness training
Sandeep Taileng
 
3 ways to secure your law firm’s information and reputation
3 ways to secure your law firm’s information and reputation3 ways to secure your law firm’s information and reputation
3 ways to secure your law firm’s information and reputation
Nikec Solutions
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control Systems
Infonaligy
 
Topic11
Topic11Topic11
Topic11
Anne Starr
 
Preventing Data Breaches
Preventing Data BreachesPreventing Data Breaches
Preventing Data Breaches
xband
 
Overview of Information Security & Privacy
Overview of Information Security & PrivacyOverview of Information Security & Privacy
Overview of Information Security & Privacy
Nawanan Theera-Ampornpunt
 
Cyber Domain Security
Cyber Domain SecurityCyber Domain Security
Cyber Domain Security
ICSA, LLC
 
GRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of usersGRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of users
Joel Cardella
 
10 Security issues facing NZ Enterprises
10 Security issues facing NZ Enterprises10 Security issues facing NZ Enterprises
10 Security issues facing NZ Enterprises
Nigel Hanson
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3
Caston Thomas
 
Computer security
Computer securityComputer security
Computer security
OZ Assignment help
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
G Prachi
 
Addressing the Data Security Risks of Cloud-Based Software - HBMA Presentation
Addressing the Data Security Risks of Cloud-Based Software - HBMA PresentationAddressing the Data Security Risks of Cloud-Based Software - HBMA Presentation
Addressing the Data Security Risks of Cloud-Based Software - HBMA Presentation
Kareo
 
Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)
Huntsman Security
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back
MTG IT Professionals
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
Empired
 

What's hot (20)

GBS - 8 ways to knockout network headaches
GBS - 8 ways to knockout network headachesGBS - 8 ways to knockout network headaches
GBS - 8 ways to knockout network headaches
 
Five things I learned about information security
Five things I learned about information securityFive things I learned about information security
Five things I learned about information security
 
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
 
Information security awareness training
Information security awareness trainingInformation security awareness training
Information security awareness training
 
3 ways to secure your law firm’s information and reputation
3 ways to secure your law firm’s information and reputation3 ways to secure your law firm’s information and reputation
3 ways to secure your law firm’s information and reputation
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control Systems
 
Topic11
Topic11Topic11
Topic11
 
Preventing Data Breaches
Preventing Data BreachesPreventing Data Breaches
Preventing Data Breaches
 
Overview of Information Security & Privacy
Overview of Information Security & PrivacyOverview of Information Security & Privacy
Overview of Information Security & Privacy
 
Cyber Domain Security
Cyber Domain SecurityCyber Domain Security
Cyber Domain Security
 
GRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of usersGRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of users
 
10 Security issues facing NZ Enterprises
10 Security issues facing NZ Enterprises10 Security issues facing NZ Enterprises
10 Security issues facing NZ Enterprises
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
 
Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3
 
Computer security
Computer securityComputer security
Computer security
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Addressing the Data Security Risks of Cloud-Based Software - HBMA Presentation
Addressing the Data Security Risks of Cloud-Based Software - HBMA PresentationAddressing the Data Security Risks of Cloud-Based Software - HBMA Presentation
Addressing the Data Security Risks of Cloud-Based Software - HBMA Presentation
 
Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 

Similar to Lock it or Lose It: Why Every Company Should be Concerned About Data Security

Jms secure data presentation
Jms secure data presentationJms secure data presentation
Jms secure data presentation
JMS Secure Data
 
Presentation 10.pptx
Presentation 10.pptxPresentation 10.pptx
Presentation 10.pptx
mishogelashvili28
 
Network security, change control, outsourcing
Network security, change control, outsourcingNetwork security, change control, outsourcing
Network security, change control, outsourcingNicholas Davis
 
Network Security, Change Control, Outsourcing
Network Security, Change Control, OutsourcingNetwork Security, Change Control, Outsourcing
Network Security, Change Control, OutsourcingNicholas Davis
 
LoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated CybersecurityLoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated Cybersecurity
Rohit Kapoor
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
David Menken
 
10 Quick Cybersecurity Wins for Small Business
10 Quick Cybersecurity Wins for Small Business10 Quick Cybersecurity Wins for Small Business
10 Quick Cybersecurity Wins for Small Business
SYMBIONT, INC.
 
LoginCat from TekMonks
LoginCat from TekMonksLoginCat from TekMonks
LoginCat from TekMonks
Rohit Kapoor
 
Jms secure data presentation
Jms secure data presentationJms secure data presentation
Jms secure data presentationJMS Secure Data
 
Make the Upgrade: Data protection in the cloud
Make the Upgrade: Data protection in the cloudMake the Upgrade: Data protection in the cloud
Make the Upgrade: Data protection in the cloud
Erik Von Schlehenried
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1misecho
 
Mis
MisMis
Mis
misecho
 
Addressing the Data Security Risks of Cloud-Based Software
Addressing the Data Security Risks of Cloud-Based SoftwareAddressing the Data Security Risks of Cloud-Based Software
Addressing the Data Security Risks of Cloud-Based Software
Kareo
 
Secure End User
Secure End UserSecure End User
Secure End User
Muhammad Salahuddien
 
A Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsA Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOs
gppcpa
 
Cyber pledge infoMagnum
Cyber pledge infoMagnumCyber pledge infoMagnum
Cyber pledge infoMagnum
ARUN REDDY M
 
Risks and Benefits of Bringing Your Own Device
Risks and Benefits of Bringing Your Own Device Risks and Benefits of Bringing Your Own Device
Risks and Benefits of Bringing Your Own Device
CooperTechnologiesInc
 
BYOD risk management best practices
BYOD risk management best practices BYOD risk management best practices
BYOD risk management best practices
Troy C. Fulton
 

Similar to Lock it or Lose It: Why Every Company Should be Concerned About Data Security (20)

Jms secure data presentation
Jms secure data presentationJms secure data presentation
Jms secure data presentation
 
Presentation 10.pptx
Presentation 10.pptxPresentation 10.pptx
Presentation 10.pptx
 
Network security, change control, outsourcing
Network security, change control, outsourcingNetwork security, change control, outsourcing
Network security, change control, outsourcing
 
Network Security, Change Control, Outsourcing
Network Security, Change Control, OutsourcingNetwork Security, Change Control, Outsourcing
Network Security, Change Control, Outsourcing
 
LoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated CybersecurityLoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated Cybersecurity
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
 
10 Quick Cybersecurity Wins for Small Business
10 Quick Cybersecurity Wins for Small Business10 Quick Cybersecurity Wins for Small Business
10 Quick Cybersecurity Wins for Small Business
 
LoginCat from TekMonks
LoginCat from TekMonksLoginCat from TekMonks
LoginCat from TekMonks
 
Jms secure data presentation
Jms secure data presentationJms secure data presentation
Jms secure data presentation
 
Make the Upgrade: Data protection in the cloud
Make the Upgrade: Data protection in the cloudMake the Upgrade: Data protection in the cloud
Make the Upgrade: Data protection in the cloud
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
 
Mis
MisMis
Mis
 
Addressing the Data Security Risks of Cloud-Based Software
Addressing the Data Security Risks of Cloud-Based SoftwareAddressing the Data Security Risks of Cloud-Based Software
Addressing the Data Security Risks of Cloud-Based Software
 
Secure End User
Secure End UserSecure End User
Secure End User
 
Mis
MisMis
Mis
 
A Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsA Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOs
 
Cyber pledge infoMagnum
Cyber pledge infoMagnumCyber pledge infoMagnum
Cyber pledge infoMagnum
 
Risks and Benefits of Bringing Your Own Device
Risks and Benefits of Bringing Your Own Device Risks and Benefits of Bringing Your Own Device
Risks and Benefits of Bringing Your Own Device
 
BYOD risk management best practices
BYOD risk management best practices BYOD risk management best practices
BYOD risk management best practices
 
it-security.ppt
it-security.pptit-security.ppt
it-security.ppt
 

Recently uploaded

一比一原版(UofS毕业证书)萨省大学毕业证如何办理
一比一原版(UofS毕业证书)萨省大学毕业证如何办理一比一原版(UofS毕业证书)萨省大学毕业证如何办理
一比一原版(UofS毕业证书)萨省大学毕业证如何办理
v3tuleee
 
Opendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptxOpendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptx
Opendatabay
 
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
Tiktokethiodaily
 
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP
 
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
NABLAS株式会社
 
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
vcaxypu
 
Q1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year ReboundQ1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year Rebound
Oppotus
 
Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
Subhajit Sahu
 
一比一原版(CBU毕业证)卡普顿大学毕业证成绩单
一比一原版(CBU毕业证)卡普顿大学毕业证成绩单一比一原版(CBU毕业证)卡普顿大学毕业证成绩单
一比一原版(CBU毕业证)卡普顿大学毕业证成绩单
nscud
 
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
ewymefz
 
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
AbhimanyuSinha9
 
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
ewymefz
 
一比一原版(YU毕业证)约克大学毕业证成绩单
一比一原版(YU毕业证)约克大学毕业证成绩单一比一原版(YU毕业证)约克大学毕业证成绩单
一比一原版(YU毕业证)约克大学毕业证成绩单
enxupq
 
一比一原版(QU毕业证)皇后大学毕业证成绩单
一比一原版(QU毕业证)皇后大学毕业证成绩单一比一原版(QU毕业证)皇后大学毕业证成绩单
一比一原版(QU毕业证)皇后大学毕业证成绩单
enxupq
 
The affect of service quality and online reviews on customer loyalty in the E...
The affect of service quality and online reviews on customer loyalty in the E...The affect of service quality and online reviews on customer loyalty in the E...
The affect of service quality and online reviews on customer loyalty in the E...
jerlynmaetalle
 
Adjusting primitives for graph : SHORT REPORT / NOTES
Adjusting primitives for graph : SHORT REPORT / NOTESAdjusting primitives for graph : SHORT REPORT / NOTES
Adjusting primitives for graph : SHORT REPORT / NOTES
Subhajit Sahu
 
SOCRadar Germany 2024 Threat Landscape Report
SOCRadar Germany 2024 Threat Landscape ReportSOCRadar Germany 2024 Threat Landscape Report
SOCRadar Germany 2024 Threat Landscape Report
SOCRadar
 
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
ukgaet
 
standardisation of garbhpala offhgfffghh
standardisation of garbhpala offhgfffghhstandardisation of garbhpala offhgfffghh
standardisation of garbhpala offhgfffghh
ArpitMalhotra16
 
社内勉強会資料_LLM Agents                              .
社内勉強会資料_LLM Agents                              .社内勉強会資料_LLM Agents                              .
社内勉強会資料_LLM Agents                              .
NABLAS株式会社
 

Recently uploaded (20)

一比一原版(UofS毕业证书)萨省大学毕业证如何办理
一比一原版(UofS毕业证书)萨省大学毕业证如何办理一比一原版(UofS毕业证书)萨省大学毕业证如何办理
一比一原版(UofS毕业证书)萨省大学毕业证如何办理
 
Opendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptxOpendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptx
 
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
 
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
 
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
 
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
 
Q1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year ReboundQ1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year Rebound
 
Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
 
一比一原版(CBU毕业证)卡普顿大学毕业证成绩单
一比一原版(CBU毕业证)卡普顿大学毕业证成绩单一比一原版(CBU毕业证)卡普顿大学毕业证成绩单
一比一原版(CBU毕业证)卡普顿大学毕业证成绩单
 
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
 
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
 
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
 
一比一原版(YU毕业证)约克大学毕业证成绩单
一比一原版(YU毕业证)约克大学毕业证成绩单一比一原版(YU毕业证)约克大学毕业证成绩单
一比一原版(YU毕业证)约克大学毕业证成绩单
 
一比一原版(QU毕业证)皇后大学毕业证成绩单
一比一原版(QU毕业证)皇后大学毕业证成绩单一比一原版(QU毕业证)皇后大学毕业证成绩单
一比一原版(QU毕业证)皇后大学毕业证成绩单
 
The affect of service quality and online reviews on customer loyalty in the E...
The affect of service quality and online reviews on customer loyalty in the E...The affect of service quality and online reviews on customer loyalty in the E...
The affect of service quality and online reviews on customer loyalty in the E...
 
Adjusting primitives for graph : SHORT REPORT / NOTES
Adjusting primitives for graph : SHORT REPORT / NOTESAdjusting primitives for graph : SHORT REPORT / NOTES
Adjusting primitives for graph : SHORT REPORT / NOTES
 
SOCRadar Germany 2024 Threat Landscape Report
SOCRadar Germany 2024 Threat Landscape ReportSOCRadar Germany 2024 Threat Landscape Report
SOCRadar Germany 2024 Threat Landscape Report
 
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
 
standardisation of garbhpala offhgfffghh
standardisation of garbhpala offhgfffghhstandardisation of garbhpala offhgfffghh
standardisation of garbhpala offhgfffghh
 
社内勉強会資料_LLM Agents                              .
社内勉強会資料_LLM Agents                              .社内勉強会資料_LLM Agents                              .
社内勉強会資料_LLM Agents                              .
 

Lock it or Lose It: Why Every Company Should be Concerned About Data Security

  • 1. Lock It or Lose It: Why Every Company Should Be Concerned About Data Security James Benham CEO and Co-founder of SmartCompliance. Entrepreneur & risk technology consultant.
  • 2. - OUR ITINERARY FOR TODAY - SmartCompliance, Inc. All rights reserved • Notable data breaches of the 21st century and learning experiences. • Strategies to use Safe Cloud Environments. • The best tools to assure data is protected. • My personal 10 golden rules of Data Security. • Protection of data in work-remote environments. • Q&A time.
  • 3. BASIC DEFINITIONS • Data is the major asset any company has. • Cloud Data is a necessity and the perfect solution for storage information. • Data security is the practice of protecting digital information from: • Unauthorized access. • Corruption. • Theft throughout its entire lifecycle. DATA PROTECTION NEEDS ORGANIZATION SmartCompliance, Inc. All rights reserved
  • 4. NOTABLE DATA BREACHES OF THE 21st CENTUR SmartCompliance, Inc. All rights reserved Date: October 2013 Impact: 153 million user records Data Breach: • Hackers had stolen nearly 3 million encrypted customer credit card records. • Login data for an undetermined number of user accounts. Repercussions: • August 2015 Adobe pays $1.1 million in legal fees. • Pay an undisclosed amount to users to settle claims of violating the Customer Records Act. *Reported: by security blogger Brian Krebs.
  • 5. Date: 2014 the year of "Cloud celebrity picture leaks fever" Impact: Jennifer Lawrence stolen photos Data Breach: • Phishing scheme that tricked the actress into revealing her usernames and passwords. • Stolen pictures from her own Apple iCloud iPhone/iPad-linked accounts. Repercussions: • George Garofano form Connecticut was sentenced to eight months in prison for his part in the hacking of her cloud and private pictures. NOTABLE DATA BREACHES OF THE 21st CENTURY SmartCompliance, Inc. All rights reserved
  • 6. • Do you encrypt files when sharing information in the cloud? • Do you read Privacy Policies when you sign up or update cloud information? • Do you study the apps that you are sharing information with? • Does your team use strong passwords and two factor authentication? ASK YOUR SELF THESE QUESTIONS SmartCompliance, Inc. All rights reserved
  • 7. Data Loss Prevention (DPL) Software • Classifies what data is sensitive and identifies weak points. • Uses alerts and preventive measures to prevent accidentally or purposely sharing private data. • Digital tools to track and ensure data is not lost, used or accessed by unauthorized users. USE TECNOLOGY ON YOUR SIDE SmartCompliance, Inc. All rights reserved
  • 8. RULE # 1: All employees must have clear rules for the protection of IT MY PERSONAL RULES SmartCompliance, Inc. All rights reserved • Define first what data does your company need to store & protect?. • Only authorized users can access sensible data. • Keep company’s IT technologies up to date and regularly update the latest system version. • Run tests and "exams" to teach your team to be prepared. Ex: false emails and security campaign at least once a year.
  • 9. Secure communication channels RULE #2 SmartCompliance, Inc. All rights reserved • Secure your home/office WLAN connection. • Connect tablets, smartphones or PCs of home-office employees to the corporate network. • Virtual private networks (VPNs) are recommended. • Establish connections via a “secure tunnel." • Stay away from public WIFI and hotspots.
  • 10. Passwords are the first line of defense RULE #3 SmartCompliance, Inc. All rights reserved • Password must be strong and don’t contain personal information. Should contain: • Both upper case and lower-case letters. • Numbers. • At least one special character. • The default administrator password should be replaced with a new one. • Require your team to change their passwords on a regular basis. • Always log out when finished using a password protected service or application. • If a cloud service offers a two-step verification process, then it’s best to use it.
  • 11. Share files from a cloud secure data center. RULE #4 SmartCompliance, Inc. All rights reserved • Device-based conditional access to block users on unauthorized devices. • Sign out users after a defined period of inactivity. • Send documents through links that expire or require password access. • Grant limited privileges with customized links. • Protect data by identifying sensitive documents and preventing them from being shared.
  • 12. Always use a cloud service that offers full encryption for your data. RULE #5 SmartCompliance, Inc. All rights reserved • Ideally, the cloud service should offer 256-bit AES military-grade encryption across all its communications and storage. • Read and review the Terms of Service of the cloud provider. • Choose cloud services that have an event of a breach or data disaster. • Microsoft OneDrive is a trusted and reliable platform
  • 13. Backup your important information RULE #6 SmartCompliance, Inc. All rights reserved • 30 % of people have never backed up their devices. • Laptops are stolen every 53 seconds in the U.S. (Kensington) • Don’t keep all your eggs in one basket. • Regularly update your computer to fix bugs that open you to risk. • Schedule backups to external hard drives or in the cloud in order to keep your data stored safely. • The ideal frequency is weekly, but you can do incremental backups every few days.
  • 14. Basic security measures and antivirus RULE #7 SmartCompliance, Inc. All rights reserved • Ensure strong anti-malware programs are in place for all your devices. • Avast. • Bitdefender. • F-Secure. • McAfee. • Norton. • Updating is important! Recent updates allow your Data to be more secured. • Be smart with emails and surfing the web. Downloading apps or files can infect your computer. Be careful with the sources you find online, or you receive. Take every “warning box” seriously.
  • 15. Transparency and legal regulations RULE #8 SmartCompliance, Inc. All rights reserved • If your business collects, processes, and holds personal information you need a transparent privacy policy in place. • Required to ask for consent and explain why you need those details. • No matter your business’ size, you need a secure network to protect processed personal data. • Businesses handling sensitive information like health records or credit cards require regulations. • Have a dedicated Data Protection Officer.
  • 16. Security engineering RULE #9 SmartCompliance, Inc. All rights reserved • Security controls should be integrated so that security becomes an integral part of system operations. • Develop a set of security standards and practices. • Conduct scans of networks to find vulnerabilities. • Monitor networks and systems for security breaches or intrusions. • Test security solutions using industry standard analysis criteria. • Supervise changes in software, hardware, and user needs.
  • 17. Monitor vulnerability disclosure RULE #10 SmartCompliance, Inc. All rights reserved • If you notice a vulnerability in a system you use, report it directly to whoever is directly responsible. • If you receive a report that there is a vulnerability in your system, make fixing this your top priority. • Use threat intelligence information to understand threats that are currently targeting or may become a problem for your organization. • Plan an organization’s information security strategy. • Educated staff members on information security through training.
  • 18. DISCUSSION TIME! Data Security is not a one-time engagement... It is a daily task! SmartCompliance, Inc. All rights reserved
  • 19. To receive monthly Industry- Exclusive information, subscribe to our Newsletter. smartcompliance.co/newsletter Thank you for attending! SmartCompliance, Inc. All rights reserved