SlideShare a Scribd company logo
_________________
A special webinar by FRSecure
Hosted by: Evan Francen, FRSecure CEO
With a TON of support from our team.
_________________
Agenda
• Introductions.
• Before we get started.
• Our topics.
• How to securely shift employees to remote work during social
distancing.
• Some of the current social engineering scams around COVID-19
and how to avoid them.
• How to create or adjust your business's disaster recovery plan.
• Where to go if/when you need help.
#MissionBeforeMoney
_________________
Introductions
You know me? Maybe you think you do…
Evan Francen, FRSecure CEO (and chief introvert)
• I do a bunch of information security stuff.
• I started some things (FRSecure in 2008, SecurityStudio in 2017)
• I create some things (S²Score, S²Org, S²Vendor, S²Team, S²Me, etc.)
• I do some talks here and there (30ish/year, weekly UNSECURITY
Podcast, etc.)
• I do some writing (UNSECURITY published last year)
• I do some teaching (CISSP Mentor Program, 6 students  1,000+
students)
#MissionBeforeMoney
_________________
Introductions
Who from FRSecure is here?
Say “hi”, tell us your name and what you do…
#MissionBeforeMoney
_________________
Before we get started.
Some things to share with you.
#1 – The current state of affairs.
• Unprecedented events.
• In less than two weeks, we’ve stepped into the Twilight Zone:
• Schools are closed.
• Travel is restricted.
• Professional sports are on hold.
• Gatherings of any scale are cancelled; theme parks, concerts,
parties, weddings, etc.
• No TP, hand sanitizer, canned goods, etc.
#MissionBeforeMoney
https://github.com/CSSEGISandData/COVID-19/tree/master/csse_covid_19_data/csse_covid_19_time_series
We’re NOT medical experts. We’re
information security people, reason
people, and mathy people.
#MissionBeforeMoney
https://github.com/CSSEGISandData/COVID-19/tree/master/csse_covid_19_data/csse_covid_19_time_series
#MissionBeforeMoney
_________________
Before we get started.
Some things to share with you.
Should you panic?
• NO!!!
• The math sort of tells us a couple things:
• We (probably) haven’t turned the corner yet.
• This will (probably) go on longer than you or I want it to.
• We (probably) aren’t too late.
• If you get infected (unlikely), it’s (probably) not a death sentence.
.0019% of the US population has
been infected (that we know).
.000033% of the US population has
not survived (that we know).
The key is isolation.
This is fine for an introvert like
me, but not for everyone…
In a welcome piece of good news about Covid-19, a team of infectious
disease experts calculates that the fatality rate in people who have
symptoms of the disease caused by the new coronavirus is about 1.4%
https://www.statnews.com/2020/03/16/lower-coronavirus-death-rate-estimates/
#MissionBeforeMoney
_________________
Before we get started.
Some things to share with you.
#2 – My pledge.
• I will NOT panic.
• I will NOT give in to fear.
• I WILL think things through.
• I WILL make prudent decisions based upon the best (non-biased) information
available.
• I WILL be the person I’ve always been and learn to be better.
• I WILL help my fellow humans whenever and however I can, putting my family first.
• I will NOT use this (or anything else) to take advantage of people, and
• I will NEVER put someone in danger if I can help it.
#MissionBeforeMoney
https://www.linkedin.com/posts/evanfrancen_coronavirus-panic-fear-activity-6645385153218703361-GJ9B
_________________
Before we get started.
Some things to share with you.
#3 – FRSecure Open Letter.
• FRSecure's Commitment to You Regarding COVID-19 - March 16, 2020
Open Letter
• Sent via email to all contacts on 3/16.
• Posted to LinkedIn on 3/17
• Essentially, FRSecure is taking all prudent steps, we will be there
for each other and all customers, and we expect no disruption to
service.
https://www.linkedin.com/pulse/frsecures-commitment-you-regarding-covid-19-march-16-evan-francen/
#MissionBeforeMoney
_________________
Before we get started.
Some things to share with you.
#4 – Ideas we’re kicking around.
• FRSecure & SecurityStudio Daily inSANITY Check-in
• Frequent webinars about the topics you tell us you want
• Creating free tools and content you tell us you want/need and some
stuff that we think you want/need.
• We are, and will continue to be a stable and calm influence
throughout the COVID-19 pandemic.
• We will provide safe places for people to come and express opinions
about information security (or anything else).
Stay tuned.
We tell you how to at the end.
#MissionBeforeMoney
_________________
Before we get started.
OK. Transition…
We have other stuff to talk about too!
• What is the impact of COVID-19 on information security?
• How to securely shift employees to remote work during social
distancing.
• Some of the current social engineering scams around COVID-19 and
how to avoid them.
• How to create or adjust your business's disaster recovery plan.
#MissionBeforeMoney
_________________
What is the impact of COVID-19 on information security?
What is the impact of COVID-19 on information security?
• Data doesn’t exist for many of the specifics, so we rely on our
experiences and the (non-quantifiable) inputs we do have.
• Based upon what we know about people, and the people who take
advantage of people (attackers), this is what we know:
• People are and will be (justifiably) distracted.
• Attacks will increase in frequency, and maybe impact too.
• From this, we created the bass and the barracuda diagrams to
illustrate.
Stick with me, I’ll explain…
#MissionBeforeMoney
_________________
What is the impact of COVID-19 on information security?
The Bass
Don’t be a bass.
#MissionBeforeMoney
_________________
What is the impact of COVID-19 on information security?
The Barracuda
Be a barracuda!
The key is to maintain
awareness.
#MissionBeforeMoney
_________________
How to securely shift employees to remote work during
social distancing.
• Let’s discuss.
• What are the best practices that all organizations should employ?
• People.
• Technological.
• Physical.
One idea to help you…
#MissionBeforeMoney
_________________
A special webinar by FRSecure
Hosted by: Evan Francen, FRSecure CEO
With a TON of support from our team.
THE IMPACT OF COVID-19 ON INFOSEC PT. 2
WHERE WE LEFT OFF
• How to communicate with vendors from home (especially if vendors are working from
home too)?
• How do you feel about letting users use their personal computer to connect to their
organization’s computer such as LogMeIn?
• What about old Windows 7 PC's? Probably shouldn’t use these for work, but could family
use these for school?
• How about connecting remote workers into their VM using a web interface/browser? Any
issues to watch out for?
• How would one harden against a split tunnel situation?
• Any thoughts on required printing when working from home and potential for PII or other
sensitive information?
• Assuming this situation is temporary, what tools/techniques can you recommend to
document the changes so that we don't miss undoing any of the adjustments we make to
infrastructure, etc.?
UNANSWERED Q&A FROM LAST SESSION
#MissionBeforeMoney
_________________
How to securely shift employees to remote work during
social distancing.
• Let’s discuss.
#MissionBeforeMoney
_________________
How to securely shift employees to remote work during
social distancing.
• Let’s discuss.
#MissionBeforeMoney
_________________
How to securely shift employees to remote work during
social distancing.
• Let’s discuss.
#MissionBeforeMoney
_________________
How to securely shift employees to remote work during
social distancing.
• Let’s discuss. Press release this morning that S2Me
and S2Team are available at no cost.
#MissionBeforeMoney
_________________
Quick Question (maybe two)
What’s next…
#MissionBeforeMoney
_________________
Some of the current social engineering scams around COVID-19 and
how to avoid them.
https://arstechnica.com/information-
technology/2020/03/the-internet-is-drowning-in-covid-19-
related-malware-and-phishing-scams/
https://www.modernhealthcare.com/cybersecurity/hackers-
taking-advantage-covid-19-spread-malware
https://globalnews.ca/news/6690907/coronavirus-peterborough-
scams/
https://www.wxyz.com/news/national/coronavirus/police-warn-of-covid-19-
scams-that-target-elderly-population-in-metro-detroit
#MissionBeforeMoney
_________________
Quick Question (maybe two)
What’s next…
#MissionBeforeMoney
_________________
How to create or adjust your business's disaster recovery
plan.
• More discussion.
• How many of us have a disaster recovery plan?
• Of those who have them, how many are worth salvaging versus
starting over?
• Do pandemics usually go in a disaster recovery plan or a business
continuity plan or both?
• And maybe more…
#MissionBeforeMoney
_________________
Quick Question (maybe two)
What’s next…
#MissionBeforeMoney
_________________
What now?
Please let us know how we can serve you!
• Contact us:
• Web: https://frsecure.com/contact/
• Phone: 877-384-2069
• Follow us:
• FRSecure Twitter: @frsecure
• Evan Twitter: @evanfrancen
• FRSecure LinkedIn: https://www.linkedin.com/company/frsecure-llc
• Evan LinkedIn: https://www.linkedin.com/in/evanfrancen/
#MissionBeforeMoney
Please be safe!

More Related Content

More from Evan Francen

MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917
Evan Francen
 
People. The Social Engineer's Dream - TechPulse 2017
People.  The Social Engineer's Dream - TechPulse 2017People.  The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017
Evan Francen
 
AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the Union
Evan Francen
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to Compliance
Evan Francen
 
TIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceTIES 2013 Education Technology Conference
TIES 2013 Education Technology Conference
Evan Francen
 
Mobile Information Security
Mobile Information SecurityMobile Information Security
Mobile Information Security
Evan Francen
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environment
Evan Francen
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance World
Evan Francen
 
Information Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderInformation Security For Leaders, By a Leader
Information Security For Leaders, By a Leader
Evan Francen
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT Issue
Evan Francen
 
People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest risk
Evan Francen
 
FRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByFRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) By
Evan Francen
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis
Evan Francen
 
An Introduction to Information Security
An Introduction to Information SecurityAn Introduction to Information Security
An Introduction to Information Security
Evan Francen
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales Deck
Evan Francen
 

More from Evan Francen (15)

MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917
 
People. The Social Engineer's Dream - TechPulse 2017
People.  The Social Engineer's Dream - TechPulse 2017People.  The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017
 
AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the Union
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to Compliance
 
TIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceTIES 2013 Education Technology Conference
TIES 2013 Education Technology Conference
 
Mobile Information Security
Mobile Information SecurityMobile Information Security
Mobile Information Security
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environment
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance World
 
Information Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderInformation Security For Leaders, By a Leader
Information Security For Leaders, By a Leader
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT Issue
 
People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest risk
 
FRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByFRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) By
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis
 
An Introduction to Information Security
An Introduction to Information SecurityAn Introduction to Information Security
An Introduction to Information Security
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales Deck
 

Recently uploaded

ハワイ大学留学プログラム最終プレゼン「ハワイ大学マノア校におけるシェアリングモビリティの提案」
ハワイ大学留学プログラム最終プレゼン「ハワイ大学マノア校におけるシェアリングモビリティの提案」ハワイ大学留学プログラム最終プレゼン「ハワイ大学マノア校におけるシェアリングモビリティの提案」
ハワイ大学留学プログラム最終プレゼン「ハワイ大学マノア校におけるシェアリングモビリティの提案」
Katsuya Shiratori
 
Maximise your Business Potential: Annual Planning Workshop
Maximise your Business Potential: Annual Planning WorkshopMaximise your Business Potential: Annual Planning Workshop
Maximise your Business Potential: Annual Planning Workshop
chris908327
 
Virtual Production Tool Set and Technologies Redefining Cinema.pdf
Virtual Production Tool Set and Technologies Redefining Cinema.pdfVirtual Production Tool Set and Technologies Redefining Cinema.pdf
Virtual Production Tool Set and Technologies Redefining Cinema.pdf
virtualproduction38
 
The-Three-Pillars-of-Doctoral-Research-What-Why-and-How (1).pptx
The-Three-Pillars-of-Doctoral-Research-What-Why-and-How (1).pptxThe-Three-Pillars-of-Doctoral-Research-What-Why-and-How (1).pptx
The-Three-Pillars-of-Doctoral-Research-What-Why-and-How (1).pptx
Jindal Global University, Sonipat Haryana 131001
 
Look at our July library display on Mining
Look at our July library display on MiningLook at our July library display on Mining
Look at our July library display on Mining
NZSG
 
Business Model Canvas for Successful Business
Business Model Canvas for Successful BusinessBusiness Model Canvas for Successful Business
Business Model Canvas for Successful Business
SuganthiPrakash1
 
AI and Best Use Cases for Your Personal Life.pptx
AI and Best Use Cases for Your Personal Life.pptxAI and Best Use Cases for Your Personal Life.pptx
AI and Best Use Cases for Your Personal Life.pptx
Brian Frerichs
 
21stcenturyskillsframeworkfinalpresentation2-240509214747-71edb7ee.pdf
21stcenturyskillsframeworkfinalpresentation2-240509214747-71edb7ee.pdf21stcenturyskillsframeworkfinalpresentation2-240509214747-71edb7ee.pdf
21stcenturyskillsframeworkfinalpresentation2-240509214747-71edb7ee.pdf
emmanuelpulido003
 
Restaurant Chiraz Sindbad Hotel Hammamet
Restaurant Chiraz Sindbad Hotel HammametRestaurant Chiraz Sindbad Hotel Hammamet
Restaurant Chiraz Sindbad Hotel Hammamet
rihabkorbi24
 
A Playbook for Solo & Siloed Data Science Practitioners
A Playbook for Solo & Siloed Data Science PractitionersA Playbook for Solo & Siloed Data Science Practitioners
A Playbook for Solo & Siloed Data Science Practitioners
Tim Wilson
 
YouTube Automation Step-by-step Guide.pdf
YouTube Automation Step-by-step Guide.pdfYouTube Automation Step-by-step Guide.pdf
YouTube Automation Step-by-step Guide.pdf
grizzyhuncho
 
Girls Call Andheri West 9910780858 Provide Best And Top Girl Service And No1 ...
Girls Call Andheri West 9910780858 Provide Best And Top Girl Service And No1 ...Girls Call Andheri West 9910780858 Provide Best And Top Girl Service And No1 ...
Girls Call Andheri West 9910780858 Provide Best And Top Girl Service And No1 ...
margaretblush
 
ShotOniPhone campaign by Vancy macwan.pptx
ShotOniPhone campaign by Vancy macwan.pptxShotOniPhone campaign by Vancy macwan.pptx
ShotOniPhone campaign by Vancy macwan.pptx
macwanvancy
 
TEST BANK For Auditing & Assurance Services A Systematic Approach, 12th Editi...
TEST BANK For Auditing & Assurance Services A Systematic Approach, 12th Editi...TEST BANK For Auditing & Assurance Services A Systematic Approach, 12th Editi...
TEST BANK For Auditing & Assurance Services A Systematic Approach, 12th Editi...
kevinkariuki227
 
Top five predictions today, .
Top five predictions today,            .Top five predictions today,            .
Top five predictions today, .
Rupasingh82
 
upGrad_Case_Study_by_Himanshu_Singh.pptx
upGrad_Case_Study_by_Himanshu_Singh.pptxupGrad_Case_Study_by_Himanshu_Singh.pptx
upGrad_Case_Study_by_Himanshu_Singh.pptx
himanshubclubofgsv
 
United Kingdom's Real Estate Mogul: Newman George Leech's Impact on the Swiss...
United Kingdom's Real Estate Mogul: Newman George Leech's Impact on the Swiss...United Kingdom's Real Estate Mogul: Newman George Leech's Impact on the Swiss...
United Kingdom's Real Estate Mogul: Newman George Leech's Impact on the Swiss...
Newman George Leech
 
What's your strategy? Getting tactical about being strategic.
What's your strategy? Getting tactical about being strategic.What's your strategy? Getting tactical about being strategic.
What's your strategy? Getting tactical about being strategic.
Doug Hall
 
How Do Flange Adapters Work and Why Are They Essential?
How Do Flange Adapters Work and Why Are They Essential?How Do Flange Adapters Work and Why Are They Essential?
How Do Flange Adapters Work and Why Are They Essential?
Texas Flange
 
Standard Operating Procedure for Digital Marketing
Standard Operating Procedure for Digital MarketingStandard Operating Procedure for Digital Marketing
Standard Operating Procedure for Digital Marketing
Dipendra Prasad Poudel
 

Recently uploaded (20)

ハワイ大学留学プログラム最終プレゼン「ハワイ大学マノア校におけるシェアリングモビリティの提案」
ハワイ大学留学プログラム最終プレゼン「ハワイ大学マノア校におけるシェアリングモビリティの提案」ハワイ大学留学プログラム最終プレゼン「ハワイ大学マノア校におけるシェアリングモビリティの提案」
ハワイ大学留学プログラム最終プレゼン「ハワイ大学マノア校におけるシェアリングモビリティの提案」
 
Maximise your Business Potential: Annual Planning Workshop
Maximise your Business Potential: Annual Planning WorkshopMaximise your Business Potential: Annual Planning Workshop
Maximise your Business Potential: Annual Planning Workshop
 
Virtual Production Tool Set and Technologies Redefining Cinema.pdf
Virtual Production Tool Set and Technologies Redefining Cinema.pdfVirtual Production Tool Set and Technologies Redefining Cinema.pdf
Virtual Production Tool Set and Technologies Redefining Cinema.pdf
 
The-Three-Pillars-of-Doctoral-Research-What-Why-and-How (1).pptx
The-Three-Pillars-of-Doctoral-Research-What-Why-and-How (1).pptxThe-Three-Pillars-of-Doctoral-Research-What-Why-and-How (1).pptx
The-Three-Pillars-of-Doctoral-Research-What-Why-and-How (1).pptx
 
Look at our July library display on Mining
Look at our July library display on MiningLook at our July library display on Mining
Look at our July library display on Mining
 
Business Model Canvas for Successful Business
Business Model Canvas for Successful BusinessBusiness Model Canvas for Successful Business
Business Model Canvas for Successful Business
 
AI and Best Use Cases for Your Personal Life.pptx
AI and Best Use Cases for Your Personal Life.pptxAI and Best Use Cases for Your Personal Life.pptx
AI and Best Use Cases for Your Personal Life.pptx
 
21stcenturyskillsframeworkfinalpresentation2-240509214747-71edb7ee.pdf
21stcenturyskillsframeworkfinalpresentation2-240509214747-71edb7ee.pdf21stcenturyskillsframeworkfinalpresentation2-240509214747-71edb7ee.pdf
21stcenturyskillsframeworkfinalpresentation2-240509214747-71edb7ee.pdf
 
Restaurant Chiraz Sindbad Hotel Hammamet
Restaurant Chiraz Sindbad Hotel HammametRestaurant Chiraz Sindbad Hotel Hammamet
Restaurant Chiraz Sindbad Hotel Hammamet
 
A Playbook for Solo & Siloed Data Science Practitioners
A Playbook for Solo & Siloed Data Science PractitionersA Playbook for Solo & Siloed Data Science Practitioners
A Playbook for Solo & Siloed Data Science Practitioners
 
YouTube Automation Step-by-step Guide.pdf
YouTube Automation Step-by-step Guide.pdfYouTube Automation Step-by-step Guide.pdf
YouTube Automation Step-by-step Guide.pdf
 
Girls Call Andheri West 9910780858 Provide Best And Top Girl Service And No1 ...
Girls Call Andheri West 9910780858 Provide Best And Top Girl Service And No1 ...Girls Call Andheri West 9910780858 Provide Best And Top Girl Service And No1 ...
Girls Call Andheri West 9910780858 Provide Best And Top Girl Service And No1 ...
 
ShotOniPhone campaign by Vancy macwan.pptx
ShotOniPhone campaign by Vancy macwan.pptxShotOniPhone campaign by Vancy macwan.pptx
ShotOniPhone campaign by Vancy macwan.pptx
 
TEST BANK For Auditing & Assurance Services A Systematic Approach, 12th Editi...
TEST BANK For Auditing & Assurance Services A Systematic Approach, 12th Editi...TEST BANK For Auditing & Assurance Services A Systematic Approach, 12th Editi...
TEST BANK For Auditing & Assurance Services A Systematic Approach, 12th Editi...
 
Top five predictions today, .
Top five predictions today,            .Top five predictions today,            .
Top five predictions today, .
 
upGrad_Case_Study_by_Himanshu_Singh.pptx
upGrad_Case_Study_by_Himanshu_Singh.pptxupGrad_Case_Study_by_Himanshu_Singh.pptx
upGrad_Case_Study_by_Himanshu_Singh.pptx
 
United Kingdom's Real Estate Mogul: Newman George Leech's Impact on the Swiss...
United Kingdom's Real Estate Mogul: Newman George Leech's Impact on the Swiss...United Kingdom's Real Estate Mogul: Newman George Leech's Impact on the Swiss...
United Kingdom's Real Estate Mogul: Newman George Leech's Impact on the Swiss...
 
What's your strategy? Getting tactical about being strategic.
What's your strategy? Getting tactical about being strategic.What's your strategy? Getting tactical about being strategic.
What's your strategy? Getting tactical about being strategic.
 
How Do Flange Adapters Work and Why Are They Essential?
How Do Flange Adapters Work and Why Are They Essential?How Do Flange Adapters Work and Why Are They Essential?
How Do Flange Adapters Work and Why Are They Essential?
 
Standard Operating Procedure for Digital Marketing
Standard Operating Procedure for Digital MarketingStandard Operating Procedure for Digital Marketing
Standard Operating Procedure for Digital Marketing
 

The Impact of COVID-19 on Information Security

  • 1. _________________ A special webinar by FRSecure Hosted by: Evan Francen, FRSecure CEO With a TON of support from our team.
  • 2. _________________ Agenda • Introductions. • Before we get started. • Our topics. • How to securely shift employees to remote work during social distancing. • Some of the current social engineering scams around COVID-19 and how to avoid them. • How to create or adjust your business's disaster recovery plan. • Where to go if/when you need help. #MissionBeforeMoney
  • 3. _________________ Introductions You know me? Maybe you think you do… Evan Francen, FRSecure CEO (and chief introvert) • I do a bunch of information security stuff. • I started some things (FRSecure in 2008, SecurityStudio in 2017) • I create some things (S²Score, S²Org, S²Vendor, S²Team, S²Me, etc.) • I do some talks here and there (30ish/year, weekly UNSECURITY Podcast, etc.) • I do some writing (UNSECURITY published last year) • I do some teaching (CISSP Mentor Program, 6 students  1,000+ students) #MissionBeforeMoney
  • 4. _________________ Introductions Who from FRSecure is here? Say “hi”, tell us your name and what you do… #MissionBeforeMoney
  • 5. _________________ Before we get started. Some things to share with you. #1 – The current state of affairs. • Unprecedented events. • In less than two weeks, we’ve stepped into the Twilight Zone: • Schools are closed. • Travel is restricted. • Professional sports are on hold. • Gatherings of any scale are cancelled; theme parks, concerts, parties, weddings, etc. • No TP, hand sanitizer, canned goods, etc. #MissionBeforeMoney
  • 6. https://github.com/CSSEGISandData/COVID-19/tree/master/csse_covid_19_data/csse_covid_19_time_series We’re NOT medical experts. We’re information security people, reason people, and mathy people. #MissionBeforeMoney
  • 8. _________________ Before we get started. Some things to share with you. Should you panic? • NO!!! • The math sort of tells us a couple things: • We (probably) haven’t turned the corner yet. • This will (probably) go on longer than you or I want it to. • We (probably) aren’t too late. • If you get infected (unlikely), it’s (probably) not a death sentence. .0019% of the US population has been infected (that we know). .000033% of the US population has not survived (that we know). The key is isolation. This is fine for an introvert like me, but not for everyone… In a welcome piece of good news about Covid-19, a team of infectious disease experts calculates that the fatality rate in people who have symptoms of the disease caused by the new coronavirus is about 1.4% https://www.statnews.com/2020/03/16/lower-coronavirus-death-rate-estimates/ #MissionBeforeMoney
  • 9. _________________ Before we get started. Some things to share with you. #2 – My pledge. • I will NOT panic. • I will NOT give in to fear. • I WILL think things through. • I WILL make prudent decisions based upon the best (non-biased) information available. • I WILL be the person I’ve always been and learn to be better. • I WILL help my fellow humans whenever and however I can, putting my family first. • I will NOT use this (or anything else) to take advantage of people, and • I will NEVER put someone in danger if I can help it. #MissionBeforeMoney https://www.linkedin.com/posts/evanfrancen_coronavirus-panic-fear-activity-6645385153218703361-GJ9B
  • 10. _________________ Before we get started. Some things to share with you. #3 – FRSecure Open Letter. • FRSecure's Commitment to You Regarding COVID-19 - March 16, 2020 Open Letter • Sent via email to all contacts on 3/16. • Posted to LinkedIn on 3/17 • Essentially, FRSecure is taking all prudent steps, we will be there for each other and all customers, and we expect no disruption to service. https://www.linkedin.com/pulse/frsecures-commitment-you-regarding-covid-19-march-16-evan-francen/ #MissionBeforeMoney
  • 11. _________________ Before we get started. Some things to share with you. #4 – Ideas we’re kicking around. • FRSecure & SecurityStudio Daily inSANITY Check-in • Frequent webinars about the topics you tell us you want • Creating free tools and content you tell us you want/need and some stuff that we think you want/need. • We are, and will continue to be a stable and calm influence throughout the COVID-19 pandemic. • We will provide safe places for people to come and express opinions about information security (or anything else). Stay tuned. We tell you how to at the end. #MissionBeforeMoney
  • 12. _________________ Before we get started. OK. Transition… We have other stuff to talk about too! • What is the impact of COVID-19 on information security? • How to securely shift employees to remote work during social distancing. • Some of the current social engineering scams around COVID-19 and how to avoid them. • How to create or adjust your business's disaster recovery plan. #MissionBeforeMoney
  • 13. _________________ What is the impact of COVID-19 on information security? What is the impact of COVID-19 on information security? • Data doesn’t exist for many of the specifics, so we rely on our experiences and the (non-quantifiable) inputs we do have. • Based upon what we know about people, and the people who take advantage of people (attackers), this is what we know: • People are and will be (justifiably) distracted. • Attacks will increase in frequency, and maybe impact too. • From this, we created the bass and the barracuda diagrams to illustrate. Stick with me, I’ll explain… #MissionBeforeMoney
  • 14. _________________ What is the impact of COVID-19 on information security? The Bass Don’t be a bass. #MissionBeforeMoney
  • 15. _________________ What is the impact of COVID-19 on information security? The Barracuda Be a barracuda! The key is to maintain awareness. #MissionBeforeMoney
  • 16. _________________ How to securely shift employees to remote work during social distancing. • Let’s discuss. • What are the best practices that all organizations should employ? • People. • Technological. • Physical. One idea to help you… #MissionBeforeMoney
  • 17. _________________ A special webinar by FRSecure Hosted by: Evan Francen, FRSecure CEO With a TON of support from our team.
  • 18. THE IMPACT OF COVID-19 ON INFOSEC PT. 2 WHERE WE LEFT OFF • How to communicate with vendors from home (especially if vendors are working from home too)? • How do you feel about letting users use their personal computer to connect to their organization’s computer such as LogMeIn? • What about old Windows 7 PC's? Probably shouldn’t use these for work, but could family use these for school? • How about connecting remote workers into their VM using a web interface/browser? Any issues to watch out for? • How would one harden against a split tunnel situation? • Any thoughts on required printing when working from home and potential for PII or other sensitive information? • Assuming this situation is temporary, what tools/techniques can you recommend to document the changes so that we don't miss undoing any of the adjustments we make to infrastructure, etc.? UNANSWERED Q&A FROM LAST SESSION #MissionBeforeMoney
  • 19. _________________ How to securely shift employees to remote work during social distancing. • Let’s discuss. #MissionBeforeMoney
  • 20. _________________ How to securely shift employees to remote work during social distancing. • Let’s discuss. #MissionBeforeMoney
  • 21. _________________ How to securely shift employees to remote work during social distancing. • Let’s discuss. #MissionBeforeMoney
  • 22. _________________ How to securely shift employees to remote work during social distancing. • Let’s discuss. Press release this morning that S2Me and S2Team are available at no cost. #MissionBeforeMoney
  • 23. _________________ Quick Question (maybe two) What’s next… #MissionBeforeMoney
  • 24. _________________ Some of the current social engineering scams around COVID-19 and how to avoid them. https://arstechnica.com/information- technology/2020/03/the-internet-is-drowning-in-covid-19- related-malware-and-phishing-scams/ https://www.modernhealthcare.com/cybersecurity/hackers- taking-advantage-covid-19-spread-malware https://globalnews.ca/news/6690907/coronavirus-peterborough- scams/ https://www.wxyz.com/news/national/coronavirus/police-warn-of-covid-19- scams-that-target-elderly-population-in-metro-detroit #MissionBeforeMoney
  • 25. _________________ Quick Question (maybe two) What’s next… #MissionBeforeMoney
  • 26. _________________ How to create or adjust your business's disaster recovery plan. • More discussion. • How many of us have a disaster recovery plan? • Of those who have them, how many are worth salvaging versus starting over? • Do pandemics usually go in a disaster recovery plan or a business continuity plan or both? • And maybe more… #MissionBeforeMoney
  • 27. _________________ Quick Question (maybe two) What’s next… #MissionBeforeMoney
  • 28. _________________ What now? Please let us know how we can serve you! • Contact us: • Web: https://frsecure.com/contact/ • Phone: 877-384-2069 • Follow us: • FRSecure Twitter: @frsecure • Evan Twitter: @evanfrancen • FRSecure LinkedIn: https://www.linkedin.com/company/frsecure-llc • Evan LinkedIn: https://www.linkedin.com/in/evanfrancen/ #MissionBeforeMoney Please be safe!