SMBs are a major target in today’s threat landscape since larger organizations have invested in security measures in the last couple of years. Find out how much your data is worth and the best way to safeguard those assets from our experts. According to StaySafeOnline.org, attacks on SMBs account for over 70% of data breaches, a figure that is on the rise. Sophisticated digital criminals easily exploit businesses with limited security budgets, outdated security controls, and untrained employees. Not to mention, insider threats are becoming more prevalent. Each security incident costs SMBs a loss of $120k, on average. So what can you do about it? Data security requires implementing the right technology, people, and processes. Like many SMBs, you may see the value in security, but may not be sure where to start. Join our panel of experts in this educational webinar to find out what steps you can take to protect your business today and its valuable assets. We’ll review current trends in attack methods, how to determine what to protect, and what methods are best suited for your objectives. Takeaways and Learning Objectives Find out what threats are most common today and how to prevent them. Get actionable tips on how to protect your business in the short-term and long-term, despite budget and resource constraints. Get clarity on data security best practices, including tools, policies, processes and developing a culture of security.

1. Too Small to Get
Hacked? Think Again.
Actionable Strategies to Protect your SMB

2. Agenda
• Introductions
• The Current Security Landscape
• Most Common Types of Threats &
Cyberattacks
• How to Prevent the Most Common Types of
Threats (at any budget)
• Why and How Engage with Vendors
• Q&A

3. Meet the Speakers
Nikola Todev
Head of Info Sec
OnRamp
Nemi George
Sr. Director of Info Sec
& Service Operations,
Pacific Dental Services
Terry McDaniel
Vice President of IT &
Executive
Source Power and Gas

4. About OnRamp
OnRamp, a LightEdge company, offers
HITRUST-certified data center
services with a focus on delivering
highly available and secure hybrid
hosting.
The combination of OnRamp and
LightEdge creates the strongest
compliance and security solutions
portfolio on the market.
Together, they operate 7 enterprise-class data centers to deploy cloud computing,
colocation, disaster recovery and managed services.

5. About Source
Power & Gas
Source Power & Gas is a Texas-based retail energy provider with
retail operations in the Texas, Illinois, Ohio, Maryland and New Jersey
markets. We pride ourselves on providing both competitive rates and
exceptional customer service to all our customers - from residential
consumers to the largest commercial and industrial clients.
More at www.spgenergy.com

6. About Pacific
Dental Services
Founded in 1994, Pacific Dental Services® (PDS®) is
one of the country’s leading dental support
organizations, providing supported autonomy that
enables dentists to concentrate on clinical excellence
and the highest levels of cost-effective comprehensive
patient care. PDS originated the PRIVATE PRACTICE+®
model to enable dentists to focus on their passion:
serving patients.
More at www.pacificdentalservices.com

7. POLL

8. 58% all cyberattacks target small businesses
2018 Verizon Data Breach Investigations Report (DBIR)
2018 Cost of a Data Breach Study by Ponemon
The average total cost of a data breach
reached $3.86 million in 2018
27.9%
$4M
2018
Likelihood of a recurring material breach
over the next two years:
The Current Landscape

9. What is a Cyberthreat?
• External Threats – I.e. Social Engineering
• Insider Threats – I.e. Employee maliciously sells login credentials
to access valuable info
Types of Cyberthreats
The possibility of a malicious attempt to damage or disrupt a
computer network or system with the intention to access files or
steal data.

10. Most Common Types of
Cyberattacks
1. Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
2. Man-in-the-middle (MitM) attack
3. Phishing and spear phishing attacks
4. Drive-by attack
5. Password attack
6. SQL injection attack
7. Cross-site scripting (XSS) attack
8. Eavesdropping attack
9. Birthday attack
10. Malware attack
netwrix.com 2018
thebestvpn.com
1 in 131
emails
contains a
malware

11. POLL

12. How Can You Protect Your
Business?
• Perform analysis of the value of your assets. Which
assets are worth protecting?
• Understand how your business services interact with
the customers
• Develop goals for managing risks, security and
compliance
• Implement an Information Security Management
Program and Governance
• Determine what resources are available to achieve
goals. Will you need the assistance of outside vendors?

13. Classification of Assets
How data is used and/or accessed determines the level of
risk you’re willing to accept and the time, effort, and
money it takes to secure assets based on their value.
What is the impact of these assets to your operations?
(financial implications, reputational damage, loss of
business opportunities, or legal consequences)
Image Source: securefirstsolutions.com

14. How Can You Protect Your
Business (Cont.)
Take a holistic approach:
• People
• Program Development
• Processes, Policies, and
Procedures
• Technology
Risk Management Process
Communicate

15. People
• Conduct Employee Training (at least once per year)
• General Training
• Group-Specific Training
• Manage roles and identities
• Use gamification of security awareness to develop a culture of
security
Your employees are either your greatest asset or weakest
link! 47% of data breaches are caused by employee
negligence. For example, weak, stolen or reused passwords
cause 81% of breaches.
SecuirtyMagazine.com
InfoSecurityMagazine.com

16. Develop an Information Security
Management Program
• System with built in maturity assessment and
measurement of control effectiveness. SANS top 20,
ISO 27001, are a good place to start.
• Creates a minimum bench mark for operation and also
sets a target for compliance and remediation. The
program must be backed up with a minimum
technology security baseline program.
• Create a security score card

17. Processes, Policies, &
Procedures
Focus on user centric security and audit operational and business
processes. Be sure to enforce policies once they’re developed:
• I.e. Data Classification Policy, DLP, Acceptable Use Policy,
Change Management Policy, Remote Access Policy,
Remote Access Policy, Password Policy
• Implement controls that prevent issues before they occur:
• I.e. Network Segmentation, Access Control
• Perform periodic security assessments/audits with penetration
testing
• Be prepared for incidents: Conduct simulations, including
incident response

18. Technology
Choose tools that assist in managing
the risks of your business services -
defense, monitoring, threat awareness,
visibility and automation.
Detection
Response
Prevention
Redundancy is also key. Use data backups and implement
a disaster recovery plan
•Data encryption in transit and at rest
•Firewalls
•Identity and access management
•Multi-factor authentication
•Cloud encryption
•Audit logs showing access to data
•Vulnerability scanning, intrusion
detection/prevention
•Hardware and OS patching
•Security Audits
•Security Information & Event Management
(SIEM)

19. SMB Case Studies
Code Spaces: a former SaaS provider
Attacked via DDoS through its Amazon Cloud control panel. Hackers erased data,
backups, offsite backups, & configurations before extorting the business by claiming
a fee to resolve their issues. Code Spaces was unable to resolve the issue and repay
customers. Code Spaces was unable to continue operations and closed.
Medium-sized Retail Organization
Organization had a very robust Cyber-security plan with a tested DR
plan. A key vendor of the organization, while going through integration
work, was successfully attacked with ransomware. The security
posturing of ABC Company prevented the attack from entering ABC’s
systems, the vendor attack took out operations for over two weeks. The
final cost to the vendor is still being determined but ABC company lost
close to half a million dollars because of the impact to the day to day
operations
Nearly 60% of small businesses that fail within six months of being hacked.

20. Vendor Assessment
Security
Understands
Your Business
Goals
Credentials &
Certifications
Service Level
Agreements (SLAs)
Meets Your BAA
Requirements (If
applicable)
Expertise in Your
Industry
Availability &
Scalability

21. Beware of 3rd Party Risk Indicators
• Turnover of the vendor’s key personnel
• IT glitches, operational failures and
stoppages
• Outdated IT systems and equipment
• History of frequent data breach
incidents
• Legal actions against the vendor
• Poorly written security and privacy
policies and procedures

22. Thank you! Questions?

23. Contact Us
Nikola Todev
Head of Info Sec
OnRamp
Ntodev@lightedge.com
Nemi George
Sr. Director of Info Sec
& Service Operations,
Pacific Dental Services
Nemi.George@pacden.
com
Terry McDaniel
Vice President of IT &
Executive
Source Power and Gas
tmcdaniel@spgenergy.com