Your Organizational Security Probably Sucks

by Theresa Miller, 24x7 IT Connection, LLC

www.24x7itconnection.com

Agenda
• Memory Lane
• Be prepared for “when”
• Business Reputation Matters
• What can you do? Large and small organization

Memory Lane

It’s no longer “if” it will happen, but how prepared your organization will be “when” it happens.

What has changed?
• Technology has been around for some time now
• Black Hat Hackers
• Financial data – Traditionally sought after
• Medical data – Newer Target
• http://blogs.citrix.com/2015/04/08/healthcare-past-present-future/
• Health data is worth 10 times more than credit card data on the black market. Predicting $5.6 billion price tag for healthcare breaches this year.

Business Reputation Matters

Forbes http://www.forbes.com/sites/davelewis/2014/12/16/sony-pictures-data-breach-and-the-pr-nightmare/

SC Magazine http://www.scmagazine.com/a-look-at-anthems-pr-response-following-the-data-breach/article/396990/

Can we really protect our organizational data?

What can I do? Large organization
• Regular system patching and maintenance
• Servers and Workstations
• Includes all software that your organization uses
• This will cover you for up to 80% of vulnerabilities
• What about the remaining 20%?

What can I do? Large organization
• Security checks with penetration testing at least twice per year!
• Remediate, remediate, remediate

What can I do? Large organization
• Retire the really old legacy systems
• Typically cannot be patched
• Use older security strategies that can be hacked

What can I do? Large organization
• Have excellent backups and backups of the backups

What can I do? Large organization
• Use more than one technology, or a product that includes more than one layer of protection.
• Email scanning
• Intrusion Detection
• Endpoint recording to watch for anomalies
• Laptop encryption

What can I do? Large organization
• Public Relations and Business Planning
• Legal and PR playbook in order

What can I do? Any organization
• Educate users to “think before they click”

I am just a small business, I cannot afford a complex security strategy!

What can I do? Small business
• Protect your PCs
• Virus and malware scanning

What can I do? Small business
• Choose a reputable hosted service provider
• Microsoft or Amazon

What can I do? Small business
• Have good backups of data
• Modern day attacks can even destroy your backups

What can I do? Small business
• Public Relations and Business Planning
• Legal representation
• Plan for public communication

There is no such thing as zero risk

Protect your Organization From...
• Advancements in Malware
• Blackhat Hackers
• Financial Theft
• Medical Theft
• What we did in the past will no longer carry our organizations into the future

Take Action Now!

Questions?