This document provides an overview of cybersecurity for staffing agencies. It discusses why cybersecurity is important given increasing cyber crimes and the large economic costs of data breaches. The objectives are to cover company security culture and programs, cyber crimes, and prevention and reporting. Specific topics include completing a risk assessment to identify assets and threats, determining a security plan and budget, common cyber crime types like phishing and ransomware, social engineering techniques, and steps for prevention through employee awareness training, security policies, and incident reporting procedures.

1. Cybersecurity for
Staffing Agencies
Presented by: Paula Sanchez

2. Introduction
Why is cybersecurity important?
• Increasing number of cyber crimes
• Top of international agenda
• Cost $3 trillion in 2015, expected to
be up to $6 trillion in 2021
• 1 in 4 companies had a data breach
in 2017
• Applies to companies of all sizes

3. Course Objectives
•Company Security
Culture and Program
•Cyber Crimes
•Prevention and
Reporting

4. Company Security Culture
and Program

5. Complete Risk Assessment
• Identify and assess assets
• Are you aware of all assets?

6. What is the current state of
cybersecurity in your company?
• Company perception
• Is security considered
overhead?
• Evaluate gaps and
weaknesses
• Employee awareness
• Executive buy in

7. Identify Threats
• Assess threats (type and
degree)
• Insider threats
• Are executives and
finance weak link?

8. Security Plan
• Determine budget
• Training
• Determine realistic goals
• Reporting procedures

9. Common Cyber Crimes

10. Cyber Crime Types
• Phishing, smishing and
vishing
• Malware-18 million new
samples in 3rd quarter 2016
• Ransomware- up 350% in
2017
• Spoofing

11. Social Engineering
The art of manipulating people so they give up confidential
information.

12. Video

14. Phishing
Phishing is the attempt
to obtain sensitive info
such as account info,
passwords, credit card
info.

15. Phishing Case Study
Walter Stephan, CEO of plane part manufacturer
FACC for 17 years fell for a phishing scam that cost
the company $56.79 million!
HOW COULD THIS HAPPEN?!!
Criminals pretended to be an executive of the
company and sent him an email asking for a secret
transaction.
A fifth was recovered but the rest disappeared into
accounts in Slovakia and Asia.

16. Prevention

17. Employee Awareness
•Security tips
•Newsflashes
•Training
•Current threats

18. Implement IT Policies
• Update software
• Least privilege principle
• Create a password
policy/rules
• Data back up
• 2 factor authentication
• Encryption

19. Incident Reporting
• Create centralized company
reporting hotline
• Timely reporting=better outcome
• Local Police
• US-Cert DHS (www.uscert.gov)
• FBI Internet Crime Center
(www.ic3.gov)
• Other agencies as mandated

20. Questions???